AWS

CloudFront & Global Accelerator

Updated 23/06/2026

  • #aws
  • #cloudfront

Maarek SAA-C03 Slides v45 — Chapter 13. Personal study extract.

Key content

  • CloudFront & Global Accelerator
  • Amazon CloudFront
  • content is cached at the edge
  • globally (edge locations, caches)
  • worldwide), integration with Shield,
  • AWS Web Application Firewall Source:
  • CloudFront – Origins
  • CloudFront at a high level
  • [Diagram labels: Client; CloudFront Edge Location with Local Cache; Forward Request to your Origin; Origin (S3 or HTTP)]
  • GET /beach.jpg?size=300x300 HTTP/1.1
  • User-Agent: Mozilla/4.0 (compatible; MSIE5.01; Windows NT)
  • Host: www.example.com
  • Accept-Encoding: gzip, deflate
  • CloudFront – S3 as an Origin
  • [Diagram labels: Edge locations (Los Angeles, Mumbai, Melbourne, São Paulo); Public www; Private AWS; AWS Cloud; Origin (S3 bucket); Origin Access Control (OAC) + S3 bucket policy]
  • CloudFront vs S3 Cross Region Replication
  • regions
  • CloudFront – ALB or EC2 as an origin
  • Using VPC Origins
  • VPC private subnets (no need to expose them on the Internet)
  • [Diagram labels: Users; CloudFront Edge Location; VPC with Private Subnet; Origin: Application Load Balancer, Network Load Balancer, EC2 Instance]
  • CloudFront – ALB or EC2 as an origin
  • Using Public Network
  • [Diagram, ALB as origin: Edge Location (Public IPs); Application Load Balancer: Must be Public, security group: Allow Public IP of Edge Locations; EC2 Instances: Can be Private, security group: Allow Security Group of Load Balancer]
  • [Diagram, EC2 as origin: Edge Location; EC2 Instances: Must be Public, security group: Allow Public IP of Edge Locations]
  • CloudFront Geo Restriction
  • countries on a list of approved countries.
  • countries on a list of banned countries.
  • CloudFront - Pricing
  • CloudFront – Price Classes
    1. Price Class All: all regions – best performance
    2. Price Class 200: most regions, but excludes the most expensive regions
    3. Price Class 100: only the least expensive regions
  • CloudFront - Price Class
  • Prices Class 100
  • Prices Class 200
  • Prices Class All
  • CloudFront – Cache Invalidations
  • origin, CloudFront doesn't know about it and will only get the refreshed content after the TTL has expired
  • partial cache refresh (thus bypassing the TTL) by performing a CloudFront Invalidation
  • special path (/images/*)
  • [Diagram labels: CloudFront Edge Locations, each with a Cache (index.html, /images/); Invalidate /index.html and /images/*; S3 Bucket (origin); update files; GET /index.html]
  • Global users for our application
  • application and have global users who want to access it directly.
  • internet, which can add a lot of latency due to many hops
  • possible through AWS network to minimize latency
  • [Diagram labels: America, Australia, Europe, India; Public ALB; hops]
  • Unicast IP vs Anycast IP
  • address
  • IP address and the client is routed to the nearest one
  • [Diagram labels: Unicast: Client, servers 12.34.56.78 and 98.76.54.32; Anycast: Client, servers 12.34.56.78 and 12.34.56.78]
  • AWS Global Accelerator
  • network to route to your application
  • application
  • to Edge Locations
  • to your application
  • [Diagram labels: America, Australia, Europe, India; Edge location; Private AWS; Public ALB]
  • AWS Global Accelerator
  • AWS Global Accelerator vs CloudFront

Study checklist