A LOW-LATENCY CONTENT DELIVERY NETWORK
CloudFront is AWS's Content Delivery Network (CDN): a globally distributed set of servers that cache the content returned by your origin servers, so that viewers around the globe can fetch it with low latency.
Citing the AWS blog on Prime Day 2021, CloudFront "handled 70 peak hour of over 280 million HTTP requests per minute, for a total of over 600 billion HTTP requests". 🤯
A distribution is a concrete instance of CloudFront. It is where you define all your settings: the origins from which CloudFront fetches content that is not yet stored at an edge location, the cache behaviors that map request paths to those origins, and any edge functions attached to them.
AWS takes care of routing each request to the viewer's nearest edge location, so content is retrieved with low latency. At the time of writing, CloudFront uses a network of more than 225 edge locations and 13 regional edge caches (mid-tier caches) in 47 countries on six continents.
An origin for your content can be basically anything that is able to serve content via HTTP. If looking at AWS native services, S3 is a common choice to store content and distribute via CloudFront.
To keep the bucket private, create an origin access control (OAC, the successor to the legacy Origin Access Identity, OAI) for the distribution and attach a bucket policy that grants s3:GetObject to the CloudFront service principal, with a condition on the ARN of your distribution. Only requests arriving through that distribution can then read the bucket; direct S3 URLs stay closed.
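As an added example (not code from the original page or from AWS), the bucket policy that pairs with an OAC, generated by a small helper, next to a checker that flags a policy statement which would also let anonymous viewers read the bucket. The bucket name, account ID and distribution ID are made-up placeholders.

```javascript
// Added example: build the S3 bucket policy for a CloudFront origin access
// control (OAC) and detect statements that leave the bucket open to everyone.
// Bucket, account and distribution identifiers are placeholders, not real ones.

// Actions that grant object reads; "*" and "s3:*" are included on purpose,
// because an over-broad wildcard is the usual way a bucket ends up public.
const S3_READ_ACTIONS = new Set(["s3:GetObject", "s3:Get*", "s3:*", "*"]);

// Policy allowing only the CloudFront service principal, and only when the
// request is made on behalf of the distribution named in AWS:SourceArn.
function buildOriginAccessPolicy(bucket, distributionArn) {
  return {
    Version: "2012-10-17",
    Statement: [
      {
        Sid: "AllowCloudFrontServicePrincipalReadOnly",
        Effect: "Allow",
        Principal: { Service: "cloudfront.amazonaws.com" },
        Action: "s3:GetObject",
        Resource: `arn:aws:s3:::${bucket}/*`,
        Condition: { StringEquals: { "AWS:SourceArn": distributionArn } },
      },
    ],
  };
}

// IAM policy fields may be a single value or an array; normalise to an array.
function asList(value) {
  return Array.isArray(value) ? value : [value];
}

// A statement exposes the bucket to anonymous readers when it allows a read
// action to the wildcard principal without any Condition narrowing it down.
function findAnonymousReadStatements(policy) {
  return asList(policy.Statement).filter((stmt) => {
    if (stmt.Effect !== "Allow") return false;
    const principal = stmt.Principal;
    const isWildcard =
      principal === "*" ||
      (principal !== undefined && principal !== null &&
        asList(principal.AWS || []).includes("*"));
    const allowsRead = asList(stmt.Action || []).some((a) => S3_READ_ACTIONS.has(a));
    const hasCondition = !!stmt.Condition && Object.keys(stmt.Condition).length > 0;
    return isWildcard && allowsRead && !hasCondition;
  });
}

// Usage: a private bucket fronted by one distribution.
const oacPolicy = buildOriginAccessPolicy(
  "example-static-site",
  "arn:aws:cloudfront::111122223333:distribution/EDFDVBD6EXAMPLE"
);
console.log(JSON.stringify(oacPolicy, null, 2));
console.log("open statements:", findAnonymousReadStatements(oacPolicy).length);
```

The checker is deliberately conservative: a statement with any Condition is not flagged, so a wildcard principal limited by aws:SourceVpce or a similar condition passes, and you still have to read that condition yourself. Also keep S3 Block Public Access enabled on the bucket; the policy above does not need any public access to work.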
CloudFront follows a pay-as-you-go model, like other managed services by AWS.
If you're using AWS native services for your origins, you're not paying additional fees for the data transfer between those services and CloudFront.
Using CloudFront enables you to deliver content in an efficient, reliable & fast way:
Each request gets a computed cache key. The key decides whether the request can be served from the cache (a cache hit: the object is already stored in that edge location) or whether CloudFront has to fetch it from the distribution's origin.
The cache key is controlled by a cache policy. You can choose between two types:
CloudFront also offers Origin Shield, an optional additional caching layer in an AWS Region of your choice that increases cache hit ratios and reduces load on your origin. Requests from all of CloudFront's regional edge caches pass through Origin Shield, so each object can be retrieved with a single origin request and then served from Origin Shield to every edge.
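The cache key is also where a class of security bugs lives: whatever the origin uses to vary a response (a credential header, a session cookie) has to be part of the key, or one viewer can be served another viewer's cached response. The following is an added, simplified model of how a cache policy turns a request into a key; it is illustrative code written for this page, not CloudFront's implementation, and the request objects and policy shapes are constructed for the example.

```javascript
// Added example: a simplified model of cache key computation under a cache
// policy. Host and path are always part of the key; the policy lists which
// query string parameters, headers and cookies are added. Not AWS code.

// Like a "caching optimized" policy: nothing but host and path in the key.
const STATIC_ASSETS_POLICY = { queryStrings: [], headers: [], cookies: [] };
// For responses that vary per user: credential and session become part of the
// key, so every viewer gets their own cache entry.
const PER_USER_POLICY = {
  queryStrings: ["page"],
  headers: ["authorization"],
  cookies: ["session"],
};

// Case-insensitive header lookup (HTTP header names are case-insensitive).
function getHeader(headers, name) {
  const wanted = name.toLowerCase();
  for (const [key, value] of Object.entries(headers || {})) {
    if (key.toLowerCase() === wanted) return value;
  }
  return undefined;
}

// Parse a Cookie header ("a=1; b=2") into a name -> value map.
function parseCookies(cookieHeader) {
  const out = {};
  for (const part of (cookieHeader || "").split(";")) {
    const idx = part.indexOf("=");
    if (idx > 0) out[part.slice(0, idx).trim()] = part.slice(idx + 1).trim();
  }
  return out;
}

function cacheKey(request, policy) {
  const parts = [request.host.toLowerCase(), request.path];

  // Query strings: keep only the listed parameters and sort them, so that
  // ?b=2&a=1 and ?a=1&b=2 resolve to the same cache entry.
  const params = new URLSearchParams(request.query || "");
  const kept = [...params.entries()]
    .filter(([name]) => policy.queryStrings.includes(name))
    .sort(([a], [b]) => a.localeCompare(b));
  for (const [name, value] of kept) parts.push(`q:${name}=${value}`);

  // Headers: a listed header that the request lacks still contributes an
  // empty component, so presence and absence never collide.
  for (const name of policy.headers) {
    const value = getHeader(request.headers, name) ?? "";
    parts.push(`h:${name.toLowerCase()}=${value}`);
  }

  // Cookies: only the named cookies, taken from the Cookie header.
  const cookies = parseCookies(getHeader(request.headers, "cookie"));
  for (const name of policy.cookies) parts.push(`c:${name}=${cookies[name] ?? ""}`);

  return parts.join("|");
}

// Two authenticated viewers hitting the same path (constructed requests).
const alice = {
  host: "d111111abcdef8.cloudfront.net", path: "/account", query: "page=1",
  headers: { Authorization: "Bearer alice-token", Cookie: "session=aaa; theme=dark" },
};
const bob = { ...alice, headers: { authorization: "Bearer bob-token", cookie: "session=bbb" } };

// Under the static-assets policy both map to ONE key: Bob would be served
// Alice's cached /account page. Under the per-user policy they differ.
console.log(cacheKey(alice, STATIC_ASSETS_POLICY) === cacheKey(bob, STATIC_ASSETS_POLICY)); // true: leak
console.log(cacheKey(alice, PER_USER_POLICY) === cacheKey(bob, PER_USER_POLICY));           // false
```

The flip side is cache efficiency: every extra component in the key splits the cache, so include exactly what the origin varies on and nothing more. Query parameters the origin ignores (tracking parameters, for instance) should stay out of the key, otherwise each variant costs a separate origin fetch.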
Lambda@Edge lets you run general-purpose code (Node.js or Python Lambda functions) at the regional edge caches around the world:
There are four different event triggers to which you can attach a Lambda@Edge function:
CloudFront Functions are the lightweight counterpart to Lambda@Edge: fewer capabilities, but lower latency and cheaper pricing.
Example use cases:
From a location perspective the two function types are very different: CloudFront Functions run at every edge location, while Lambda@Edge functions run at the regional edge caches.
There are technical differences as well: CloudFront Functions are JavaScript only, must finish in under a millisecond, have no network or file-system access and can only be attached to the viewer-request and viewer-response events, whereas Lambda@Edge functions can make network calls (for example to look up data in another AWS service) and can be attached to all four triggers.
Pricing differs as well:
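A typical job for the cheap, fast option is header manipulation. Below is an added example of a CloudFront Function for the viewer-response event that adds a baseline of security headers; it is written for this page and is not code from the original post or from AWS. The event shape (event.response.headers with lowercase names and {value: ...} entries) follows the CloudFront Functions event structure; the header values are a suggested baseline and should be adjusted per site, and the sample event at the bottom is constructed.

```javascript
// Added example: CloudFront Function (viewer-response trigger) that adds
// security headers the origin did not send. Written in the ES5-style syntax
// the CloudFront Functions runtime accepts; not AWS-provided code.

var SECURITY_HEADERS = {
  'strict-transport-security': 'max-age=63072000; includeSubDomains; preload',
  'x-content-type-options': 'nosniff',
  'x-frame-options': 'DENY',
  'referrer-policy': 'strict-origin-when-cross-origin',
  // Tighten or loosen per site; a too-strict CSP breaks pages, a missing one
  // leaves XSS with nothing in the way.
  'content-security-policy': "default-src 'self'; object-src 'none'; frame-ancestors 'none'"
};

// Entry point CloudFront invokes for every viewer response.
function handler(event) {
  var response = event.response;
  var headers = response.headers;

  for (var name in SECURITY_HEADERS) {
    // Only fill in what is absent, so an origin that deliberately sends its
    // own value (e.g. a wider CSP for one app) keeps it.
    if (!headers[name]) {
      headers[name] = { value: SECURITY_HEADERS[name] };
    }
  }

  // Strip headers that only tell attackers which stack runs behind CloudFront.
  delete headers['server'];
  delete headers['x-powered-by'];

  return response;
}

// Constructed sample event for local reasoning: the origin set its own
// X-Frame-Options and leaked an X-Powered-By header.
var sampleEvent = {
  response: {
    statusCode: 200,
    headers: {
      'content-type': { value: 'text/html' },
      'x-frame-options': { value: 'SAMEORIGIN' },
      'x-powered-by': { value: 'Express' }
    }
  }
};
console.log(JSON.stringify(handler(sampleEvent).headers, null, 2));
```

Attach the function to the viewer-response event of the cache behaviors that serve HTML. Because it runs at the edge on every response, it also covers responses served from the cache, which an origin-side change alone would miss until the cached copies expire.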
CloudFront generates different types of reports which enable you to analyze how your distribution is used & by which audience.
CloudFront's geo restriction feature determines the viewer's country from the source IP address of the request, which you can use to build an allow list or a block list:
An allow list lets viewers access your content only if they are in one of the approved countries.
A block list denies access to viewers located in one of the banned countries.
The accuracy of the IP-to-country mapping is 99.8%. Note the fail-open behaviour: if CloudFront cannot determine the location, it serves the requested content anyway. Together with the fact that a VPN or proxy changes the source IP, this makes geo restriction a coarse, compliance-style control rather than a security boundary.
CloudFront also has you covered for high availability with origin failover: you define an origin group with a primary and a secondary origin, and specify which HTTP status codes from the primary (connection failures and timeouts count as well) cause CloudFront to retry the request against the secondary origin.
CloudFront integrates with AWS Web Application Firewall (WAF), which inspects the HTTP(S) requests arriving at CloudFront before they are forwarded to your origin and lets you control access to your content, for example with managed rule groups for common injection patterns or rate-based rules. A single web ACL can be associated with one or several of your distributions; it must be created with the CloudFront (global) scope, which means in the us-east-1 region.