1. Home
  2. Blog
  3. amazon-cloudfront

Amazon CloudFront

Amazon CloudFront

What is Amazon CloudFront?

Amazon CloudFront is a content delivery network (CDN) service that securely delivers any kind of data to customers worldwide with low latency, low network and high transfer speeds.

It uses edge locations (a network of small data centers) to cache copies of the data for the lowest latency. If the data is not present at edge locations, the request is sent to the source server, and data gets transferred from there.

It is integrated with AWS services such as

● Amazon S3,

● Amazon EC2,

● Elastic Load Balancing,

● Amazon Route 53,

● AWS Elemental Media Services.

The AWS origins from where CloudFront gets its traffic or requests are:

● Amazon S3

● Amazon EC2

● Elastic Load Balancing

● Customized HTTP origin

It provides the programmable and secure edge CDN computing feature through AWS Lambda@Edge.

● It provides operations such as dynamic origin load-balancing, custom bot-management computationally, or building serverless origins.

● It has a built-in security feature to protect data from side-channel attacks such as Spectre and Meltdown.

● Field-level encryption with HTTPS - data remains encrypted throughout starting from the upload of sensitive data.

● AWS Shield Standard - against DDoS attacks.

● AWS Shield Standard + AWS WAF + Amazon Route53 - against more complex attacks than DDoS.

Amazon CloudFront Access Controls:

Signed URLs:

● Use this to restrict access to individual files.

Signed Cookies:

● Use this to provide access to multiple restricted files.

● Use this if the user does not want to change current URLs.

Geo Restriction:

● Use this to restrict access to the data based on the geographic location of the website viewers.

Origin Access Identity (OAI):

● Outside access is restricted using signed URLs and signed cookies, but what if someone tries to access objects using Amazon S3 URL, bypassing CloudFront signed URL and signed cookies. To restrict that, OAI is used.

● Use OAI as a special CloudFront user, and associate it with your Cloudfront distribution to secure Amazon S3 content.

Pricing Details:

● You pay for:

○ Data Transfer Out to Internet / Origin

○ A number of HTTP/HTTPS Requests.

○ Each custom SSL certificate associated with CloudFront distributions

○ Field-level encryption requests.

○ Execution of Lambda@Edge

● You do not pay for:

○ Data transfer between AWS regions and CloudFront.

○ AWS ACM SSL/TLS certificates and Shared CloudFront certificates.


meet razorops team

LATEST POSTS

AWS VPC

Amazon Virtual Private Cloud (VPC) is a service that allows users to create a virtual dedicated network for resources.

Amazon Route 53

Route53 is a managed DNS (Domain Name System) service where DNS is a collection of rules and records intended

AWS Elastic Load Balancer

ELB Stands for Elastic Load Balancer. It distributes the incoming traffic to multiple targets such as Instances, Containers, Lambda Functions, IP Addresses etc.

AWS Direct Connect

AWS Direct Connect is a cloud service that helps to establish a dedicated connection from an on-premises network to one or more VPCs in the same region.

AWS Transit Gateway

AWS Transit Gateway is a network hub used to interconnect multiple VPCs. It can be used to attach all hybrid connectivity


AWS PrivateLink

AWS PrivateLink is a network service used to connect to AWS services hosted by other AWS accounts (referred to as endpoint services) or AWS Marketplace.

Amazon CloudFront

Amazon CloudFront is a content delivery network (CDN) service that securely delivers any kind of data to customers


AWS Cloud Map

AWS Cloud Map is a service that keeps track of application components, location dependencies, attributes and health status, and also allows dynamic scaling