Serving content from CDN (Amazon CloudFront)
Introduction to Amazon CloudFront
Amazon CloudFront is a content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds, and no minimum usage commitments. CloudFront works by caching content at edge locations worldwide so that users can access the content from a location closest to them. This reduces latency and improves the user experience.
Use Cases for Amazon CloudFront
Amazon CloudFront can be used for a variety of use cases, including:
Website and Web Application Delivery: CloudFront can be used to accelerate the delivery of static and dynamic content, such as HTML, CSS, JavaScript, and images, for websites and web applications.
Media Delivery: CloudFront can be used to deliver live and on-demand video and audio streams and accelerate the delivery of large files, such as software downloads or game updates.
API Acceleration: CloudFront can be used to accelerate the delivery of APIs, such as those used for mobile and web applications.
Security: CloudFront can be used to protect against DDoS attacks and other security threats and enforce access controls, such as IP blocking and geo-restriction.
Price Classes
Amazon CloudFront offers different price classes to control the number of edge locations that serve your content. There are four price classes available:
Price Class All: This is the most expensive option and ensures that your content is served from all edge locations in the AWS network.
Price Class 200: This option serves content from edge locations in all regions except South America and Africa.
Price Class 100: This option serves content from edge locations in the US, Europe, Asia, and Australia.
Price Class Free: This option is only available for customers using the AWS Free Tier and serves content from a limited number of edge locations.
Choosing the appropriate price class depends on your budget, the locations of your users, and the importance of low latency and high transfer speeds.
Attaching a Custom Domain
When you create a CloudFront distribution, AWS assigns it a domain name in the format [random string].cloudfront.net. To use your own domain name, attach it to your CloudFront distribution and create a CNAME record for your domain.
To attach a custom domain to your CloudFront distribution, follow these steps:
In the CloudFront console, click on the distribution for which you want to add a custom domain.
Click on the "Edit" button.
In the "Alternate Domain Names (CNAMEs)" field, enter the domain name you want to use.
Click on the "Add Alternate Domain Names" button.
Click on the "Custom SSL Certificate" dropdown menu and select the SSL certificate you want to use.
Click on the "Yes, Edit" button to save your changes.
Update your DNS settings to point your domain name to the CloudFront distribution domain name.
Configuring Geo-Restrictions
You can configure CloudFront to restrict content access based on geographic location. This feature is useful for compliance with regulatory requirements and for preventing access to your content from unauthorized countries or regions.
To configure geo-restrictions for your CloudFront distribution, follow these steps:
In the CloudFront console, click on the distribution for which you want to configure geo-restrictions.
Click on the "Restrictions" tab.
Under "Geo Restrictions," select "Yes" for "Restrict Viewer Access."
Select the appropriate option for "Restriction Type." You can choose to allow access from specific countries or deny access from specific countries.
Enter the list of countries you want to allow or deny access to in the "Whitelist" or "Blacklist" fields, respectively.
Click on the "Create" button to save your changes.
Create a CloudFront distribution via the UI Console
In this example, we will create a CloudFront distribution to serve the content from our S3 bucket. To create an Amazon CloudFront distribution via the UI console, follow these steps:
Go to the CloudFront console and click "Create Distribution".
Configure the origin: In the "Origin Settings" section, specify the origin of the content you want to deliver via CloudFront. In this example, we will use an S3 bucket as the origin. Set the origin access to "Legacy access identities" and create a new OAI. Also, select the "Yes, update the bucket policy" option under the bucket policy setting.
Configure the cache behavior: In the "Cache Behavior Settings" section, specify how CloudFront should cache and deliver the content from the origin. You can specify cache TTLs, query string parameters, and more.
Configure the viewer protocol policy: In the "Viewer Protocol Policy" section, specify whether CloudFront should use HTTPS or HTTP to communicate with the viewer.
Configure additional settings: You can configure additional settings, such as logging, price class, and custom SSL certificates, as needed.
Create the distribution: Once you have configured all the settings, click "Create Distribution" to create the CloudFront distribution.
Test the distribution: Once the distribution is created, you can test it by accessing the CloudFront domain name in a web browser. The content should be delivered from the CloudFront edge location closest to you.
Practice
In this task, we will use the landing page that we previously hosted with S3 static website hosting.
Our goal is to serve the landing content from CloudFront instead of doing that directly from the S3 bucket.
Requirements
The origin (S3 Bucket) must be private. Do not forget to remove the bucket policy and turn on the "block public access" settings.
The S3 bucket must only allow access to its objects for the distribution's OAI.
The distribution should have recommended cache settings and support only HTTPS protocol.
You can use the default domain provided by CloudFront. There is no need to create a certificate and attach a custom domain.
Your distribution must allow requests only from Ukraine.
After you create a distribution and make sure that it works according to the technical requirements, send a link to @purrplehaze.
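An added example, not part of the original course material: an offline check of the practice requirements above (origin readable only through the OAI, no plain HTTP, geo allow list of Ukraine only) against a distribution configuration and bucket policy. The sample JSON, the OAI id E2EXAMPLEOAI, the bucket name and the audit function are constructed for illustration; the field names follow the JSON shapes of a CloudFront DistributionConfig and an S3 bucket policy.

```python
import json

# Constructed sample data (not from the page): a trimmed DistributionConfig and
# a bucket policy in the JSON shapes the CloudFront and S3 APIs return.
OAI_ID = "E2EXAMPLEOAI"  # placeholder OAI id
DIST = json.loads("""{
  "Origins": {"Items": [{"Id": "landing-s3",
    "DomainName": "example-landing.s3.amazonaws.com",
    "S3OriginConfig": {"OriginAccessIdentity": "origin-access-identity/cloudfront/E2EXAMPLEOAI"}}]},
  "DefaultCacheBehavior": {"ViewerProtocolPolicy": "redirect-to-https"},
  "Restrictions": {"GeoRestriction": {"RestrictionType": "whitelist", "Quantity": 1, "Items": ["UA"]}}
}""")
POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{"Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity E2EXAMPLEOAI"},
    "Action": "s3:GetObject",
    "Resource": "arn:aws:s3:::example-landing/*"}]
}""")

def audit(dist, policy, oai_id, allowed_countries=("UA",)):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    # 1. Every origin must reference the OAI (an empty string means none attached).
    want_ref = f"origin-access-identity/cloudfront/{oai_id}"
    for origin in dist["Origins"]["Items"]:
        ref = origin.get("S3OriginConfig", {}).get("OriginAccessIdentity", "")
        if ref != want_ref:
            findings.append(f"origin {origin['Id']}: OAI not attached")
    # 2. Bucket policy: each Allow statement may name only the OAI principal.
    want_arn = f"arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity {oai_id}"
    for st in policy.get("Statement", []):
        principal = st.get("Principal")
        arns = principal.get("AWS", []) if isinstance(principal, dict) else [principal]
        arns = [arns] if isinstance(arns, str) else arns
        if st.get("Effect") == "Allow" and set(arns) != {want_arn}:
            findings.append(f"bucket policy allows principal(s) other than the OAI: {arns}")
    # 3. "allow-all" would serve content over plain HTTP.
    vpp = dist["DefaultCacheBehavior"]["ViewerProtocolPolicy"]
    if vpp not in ("https-only", "redirect-to-https"):
        findings.append(f"viewer protocol policy is {vpp}")
    # 4. Geo restriction must be an allow list holding exactly the expected countries.
    geo = dist["Restrictions"]["GeoRestriction"]
    if geo["RestrictionType"] != "whitelist" or set(geo.get("Items", [])) != set(allowed_countries):
        findings.append(f"geo restriction is {geo['RestrictionType']} {geo.get('Items', [])}")
    return findings

if __name__ == "__main__":
    print(audit(DIST, POLICY, OAI_ID) or "all checks passed")
```

To check a real distribution, pass in the DistributionConfig object returned by `aws cloudfront get-distribution-config` and the parsed policy document from `aws s3api get-bucket-policy`.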