AWS Notes

CloudFront & The Edge

Overview

CloudFront is AWS's content delivery network (CDN). A CDN caches copies of static or dynamic content in edge locations that are closer to the end user. This worldwide group of servers is referred to as the edge. The idea is to avoid, for example, a user in the US having to fetch content hosted in Europe, which could be slower.

For example, YouTube uses a CDN to cache copies of the same video around the world. If I watch a video in Sydney, and a friend watches one in the US, then we are actually viewing different copies of that video stored in different locations. This design greatly improves streaming quality for the videos because communications to and from the host server don't travel as far.

Edge Content Examples (Origins)

Here are the types of content that can be stored in edge locations:

  1. Static websites and content hosted on an S3 bucket

  2. Lambda Functions can be configured to run on the edge

  3. REST API (Lambda with API Gateway Trigger) responses can be cached

Creating a CloudFront distribution

  1. Create and select an origin, such as a server (EC2 instance) or an S3 bucket, or set up a Lambda function with either API Gateway or Lambda@Edge

    • Note: an additional option for running code in CloudFront is to use a CloudFront Function, which is more restrictive than a Lambda Function
  2. Configure the caching behavior, such as the allowed HTTP methods

  3. Optionally, configure DNS records (like in Route 53) to use a custom domain name - great for when hosting a static website in S3 deployed to CloudFront

  4. Deploy, which takes a bit to propagate to all edge locations

    • Edge locations cannot be picked individually, but access from specific countries can be restricted
  5. Security and Access Control

    • Recommended to enable HTTPS to secure content in transit
    • Along with regional access, user access can be configured with signed URLs and cookies
    • WAF and Shield can be added for security against things like DDoS attacks, XSS, SQL injection, etc.
  6. Notes on Hosting Approaches

    • Containerized apps built with ECS or EKS or sites hosted on S3 buckets can be set as CloudFront origins to cache static or dynamic content
    • Amplify can automatically distribute static frontend assets across the CloudFront CDN (backend request caching is not handled by Amplify, but can be configured with CloudFront)
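
The controls listed under Security and Access Control (HTTPS, country restrictions, signed URLs and cookies, WAF) and the allowed HTTP methods can be checked against a distribution's configuration. The following is an added example, not part of the original notes: it assumes the `DistributionConfig` dict shape returned by boto3's `get_distribution_config`, and the function names, sample config and key group ID are constructed for illustration.

```python
# Added example: audit a CloudFront DistributionConfig dict against the notes above.
WRITE_METHODS = {"PUT", "POST", "PATCH", "DELETE"}

def behaviors(cfg):
    """Yield (path, behavior) for the default and each additional cache behavior."""
    yield "(default)", cfg["DefaultCacheBehavior"]
    for b in cfg.get("CacheBehaviors", {}).get("Items") or []:
        yield b["PathPattern"], b

def audit(cfg):
    """Return findings for review; an empty list means every control is enabled."""
    findings = []
    for path, b in behaviors(cfg):
        # 'allow-all' lets viewers fetch content over plain HTTP.
        if b.get("ViewerProtocolPolicy") == "allow-all":
            findings.append(f"{path}: plain HTTP allowed")
        # Signed URLs/cookies are required only if a key group or signer is enabled.
        signed = (b.get("TrustedKeyGroups", {}).get("Enabled")
                  or b.get("TrustedSigners", {}).get("Enabled"))
        if not signed:
            findings.append(f"{path}: no signed URL/cookie requirement")
        # Write methods are forwarded to the origin; list them for review.
        extra = WRITE_METHODS & set(b.get("AllowedMethods", {}).get("Items", []))
        if extra:
            findings.append(f"{path}: write methods allowed ({', '.join(sorted(extra))})")
    geo = cfg.get("Restrictions", {}).get("GeoRestriction", {})
    if geo.get("RestrictionType", "none") == "none":
        findings.append("distribution: no country restriction")
    if not cfg.get("WebACLId"):  # empty string means no WAF web ACL is associated
        findings.append("distribution: no WAF web ACL attached")
    return findings

# Constructed sample (not from a real account), trimmed to the audited fields.
SAMPLE = {
    "WebACLId": "",
    "Restrictions": {"GeoRestriction": {"RestrictionType": "whitelist", "Quantity": 2, "Items": ["US", "AU"]}},
    "DefaultCacheBehavior": {
        "ViewerProtocolPolicy": "redirect-to-https",
        "AllowedMethods": {"Quantity": 2, "Items": ["GET", "HEAD"]},
        "TrustedKeyGroups": {"Enabled": False, "Quantity": 0}},
    "CacheBehaviors": {"Quantity": 1, "Items": [{
        "PathPattern": "/api/*",
        "ViewerProtocolPolicy": "allow-all",
        "AllowedMethods": {"Quantity": 7, "Items": ["GET", "HEAD", "OPTIONS", "PUT", "POST", "PATCH", "DELETE"]},
        "TrustedKeyGroups": {"Enabled": True, "Quantity": 1, "Items": ["EXAMPLE-KEY-GROUP-ID"]}}]},
}
if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

A finding is a prompt for review rather than a defect in itself: a public static site, for instance, has no reason to require signed URLs.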