AWS Cloudfront

Content Delivery Network

A Content Delivery Network (CDN) is a geographically distributed network of servers that work together to provide highly available and fast delivery of static internet content, based on the geographic location of the user, the origin of the web content and a content delivery server. This is achieved by directing users' requests to servers located closer to the user and caching the content that is requested. Subsequent requests are served from the cache of the local servers, which improves performance.

A CDN allows for the quick transfer of assets needed for loading Internet content including HTML pages, JavaScript files, stylesheets, images, and videos. The following are the benefits of using CDNs:

  • Improving website load times
  • Reducing bandwidth costs
  • Increasing content availability and redundancy
  • Improving website security

AWS CloudFront

CloudFront is a web service that speeds up distribution of static web content, such as .html, .css, .js, and image files, to web users. CloudFront delivers content through a worldwide network of data centers called edge locations. When a user requests content that is served with CloudFront, the user is routed to the edge location that provides the lowest latency (time delay), so that content is delivered with the best possible performance. If the content is already in the edge location with the lowest latency, CloudFront delivers it immediately. If the content is not in that edge location, CloudFront retrieves it from an Amazon S3 bucket or an HTTP server (for example, a web server) that is the source for the definitive version of the content.

CloudFront is integrated with AWS – both physical locations that are directly connected to the AWS global infrastructure, as well as software that works seamlessly with services including AWS Shield for DDoS mitigation, Amazon S3, Elastic Load Balancing or Amazon EC2 as origins for applications, and AWS Lambda to run custom code close to the viewers. CloudFront also works seamlessly with any non-AWS origin server which stores the original, definitive versions of the files.

Some terminology:

  • Edge Location - is the location where content is cached, which is separate from an AWS Region or Availability Zone; some Edge Locations are outside AWS Regions. They are not read-only: they support writes too, so they can be used to accelerate uploading data into S3 buckets. Objects are cached in the Edge Locations for the duration of the Time To Live (TTL); you can clear cached objects before the TTL expires, but that will incur a cost.
  • Origin - is the origin of all the files that the CDN will distribute; this can be an S3 Bucket, an EC2 instance, an ELB or Route53.
  • Distribution - is the CDN, which consists of a collection of Edge Locations. A Distribution will use one of two delivery methods:
    • Web - typically used for websites
    • RTMP - used for media streaming

Setting up a Distribution

In this example we are going to use the AWS console to set up a new CloudFront Distribution that serves files from an S3 bucket.

To get started we need to create a Distribution.

[Screenshot: CloudFront]

We need to choose the delivery method for the content being served, whether it is Web or RTMP.

[Screenshot: Delivery Method]

The next stage is a form with a lot of options; the ones worth noting are highlighted in red:


Restricting Bucket Access - this option allows you to restrict direct access to the URLs of the files in the S3 bucket, so that all access has to go through the CloudFront URL. If you choose this option you can, within this form, create a new identity and update the bucket policy to give the CloudFront distribution permission to read the bucket contents; if you don't choose that option you will have to set up the access manually.

Viewer Protocol Policy - this option allows you to set up how you want HTTP and HTTPS requests to your objects to be handled.


TTL Settings - these are the Time To Live settings, and they control how long objects are cached on the Edge Locations before they are destroyed. One thing to note is that if you have content that changes frequently then the default setting of 24 hours (86400 seconds) will be too long, meaning that content will remain cached on the Edge Locations long after the original content has been updated. And since it costs money to clear the caches manually, it is a good idea to configure the TTL according to how frequently your content changes.

Restricting Viewer Access - this option allows you to restrict access to the content by only allowing requests with signed URLs or signed cookies. This is useful when you need to serve content that is private to only a limited number of users; for example, paying members can have access to the content (by using signed URLs) but other members of the public will not.
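As an added example (not code from the original post), this builds a CloudFront signed URL with a canned policy: the compact policy JSON, CloudFront's own URL-safe base64 variant, and the Expires/Signature/Key-Pair-Id query string. The signing step is passed in as a callable so the rest can be exercised without a key; `rsa_sha1_signer` assumes the `cryptography` package is installed, and the domain and key pair ID are constructed placeholders.

```python
import base64
import json
from typing import Callable


def canned_policy(url: str, expires_epoch: int) -> bytes:
    """CloudFront canned policy: one Resource, one DateLessThan condition.

    CloudFront verifies the signature over these exact bytes, so the JSON
    must be emitted without whitespace.
    """
    policy = {"Statement": [{
        "Resource": url,
        "Condition": {"DateLessThan": {"AWS:EpochTime": expires_epoch}},
    }]}
    return json.dumps(policy, separators=(",", ":")).encode()


def cloudfront_b64(data: bytes) -> str:
    """CloudFront's URL-safe base64: '+' -> '-', '=' -> '_', '/' -> '~'.

    This is not RFC 4648 url-safe base64; using that variant yields a
    403 from CloudFront because the signature bytes no longer decode.
    """
    return (base64.b64encode(data).decode()
            .replace("+", "-").replace("=", "_").replace("/", "~"))


def signed_url(url: str, expires_epoch: int, key_pair_id: str,
               sign: Callable[[bytes], bytes]) -> str:
    """Append the canned-policy query parameters to url."""
    signature = cloudfront_b64(sign(canned_policy(url, expires_epoch)))
    sep = "&" if "?" in url else "?"
    return f"{url}{sep}Expires={expires_epoch}&Signature={signature}&Key-Pair-Id={key_pair_id}"


def rsa_sha1_signer(private_key_pem: bytes) -> Callable[[bytes], bytes]:
    """Signer matching CloudFront's requirement: RSA PKCS#1 v1.5 over SHA-1.

    Imported lazily so the module loads without 'cryptography' installed
    (assumption: that package provides the RSA implementation).
    """
    from cryptography.hazmat.primitives import hashes, serialization
    from cryptography.hazmat.primitives.asymmetric import padding
    key = serialization.load_pem_private_key(private_key_pem, password=None)
    return lambda data: key.sign(data, padding.PKCS1v15(), hashes.SHA1())
```

The private key belongs to a CloudFront key pair registered as a trusted signer on the distribution; viewers who lack a valid Signature, or whose Expires is in the past, receive a 403.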


Other options that can be set up include:

  • Whether or not to use Web Application Firewall (WAF)
  • Setting up alternate domain names for the CloudFront URLs
  • Using custom SSL certificates
  • Logging location

Once the Distribution has been created it takes about 15 to 20 minutes to be deployed, since it is set up in Edge Locations all around the world.
