CloudFront and Global Accelerator

This blog is a part of my journey “Embarking on the AWS Solution Architect Associate SAA-C03 Certification Journey”

Table of Contents

  • Amazon CloudFront
  • Amazon CloudFront – Origins
    • S3 bucket
    • Custom Origin (HTTP)
    • ALB or EC2 as an origin
  • CloudFront vs S3 Cross Region Replication
  • CloudFront Geo Restriction
  • CloudFront – Pricing
  • Cache Invalidations
  • AWS Global Accelerator
  • AWS Global Accelerator vs CloudFront

Amazon CloudFront

  • CloudFront is a Content Delivery Network (CDN)
  • Improves read performance: content is cached at the edge, close to the user
  • Improves user experience
  • 216 Points of Presence globally (edge locations)
  • DDoS protection (because it is distributed worldwide); integrates with AWS Shield and AWS Web Application Firewall (WAF)

CloudFront – Origins

S3 bucket

  • For distributing files and caching them at the edge
  • Enhanced security with CloudFront Origin Access Control (OAC)
  • OAC is replacing Origin Access Identity (OAI)
  • CloudFront can be used as an ingress (to upload files to S3)

Custom Origin (HTTP)

  • Application Load Balancer
  • EC2 instance
  • S3 website (must first enable the bucket as a static S3 website)
  • Any HTTP backend you want

CloudFront – S3 as an Origin
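The security point behind OAC is that the bucket itself stays private and only the CloudFront service principal, acting for one named distribution, may read from it; otherwise the bucket is reachable directly and CloudFront-side controls (WAF, geo restriction, signed URLs) are bypassed. As an added example, not code from the original post, here is the OAC bucket policy beside the weak public-read alternative, plus a small audit function that flags the two common mistakes (a wildcard principal, and a CloudFront principal without the AWS:SourceArn condition). The bucket name, account ID and distribution ID are constructed placeholders.

```python
import json

# Constructed placeholder identifiers: not a real bucket, account or distribution.
BUCKET = "example-static-site-bucket"
ACCOUNT_ID = "111122223333"
DISTRIBUTION_ID = "E1EXAMPLEDISTID"
CLOUDFRONT_PRINCIPAL = "cloudfront.amazonaws.com"


def oac_bucket_policy(bucket, account_id, distribution_id):
    """Bucket policy for an S3 origin fronted by CloudFront with OAC.

    Only the CloudFront service principal may read objects, and only when the
    request is signed on behalf of the named distribution (AWS:SourceArn).
    """
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "AllowCloudFrontServicePrincipalReadOnly",
                "Effect": "Allow",
                "Principal": {"Service": CLOUDFRONT_PRINCIPAL},
                "Action": "s3:GetObject",
                "Resource": f"arn:aws:s3:::{bucket}/*",
                "Condition": {
                    "StringEquals": {
                        "AWS:SourceArn": f"arn:aws:cloudfront::{account_id}:distribution/{distribution_id}"
                    }
                },
            }
        ],
    }


def public_read_policy(bucket):
    """The weak alternative: a world-readable bucket, reachable without CloudFront."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "PublicReadGetObject",
                "Effect": "Allow",
                "Principal": "*",
                "Action": "s3:GetObject",
                "Resource": f"arn:aws:s3:::{bucket}/*",
            }
        ],
    }


def audit_origin_policy(policy):
    """Return a list of findings for an S3 origin bucket policy (empty list = clean)."""
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        principal = stmt.get("Principal")
        actions = stmt.get("Action", [])
        if isinstance(actions, str):
            actions = [actions]

        # Wildcard principal: anyone on the internet can read the bucket directly,
        # bypassing CloudFront and everything configured on the distribution.
        if principal == "*" or principal == {"AWS": "*"}:
            findings.append(f"{sid}: grants access to any principal (bucket is public)")
            continue

        if isinstance(principal, dict) and principal.get("Service") == CLOUDFRONT_PRINCIPAL:
            source_arn = stmt.get("Condition", {}).get("StringEquals", {}).get("AWS:SourceArn")
            if not source_arn:
                # Confused-deputy risk: without AWS:SourceArn, any distribution using OAC,
                # in any AWS account, could be pointed at this bucket and read it.
                findings.append(f"{sid}: CloudFront principal without AWS:SourceArn condition")
            elif not source_arn.startswith("arn:aws:cloudfront::"):
                findings.append(f"{sid}: AWS:SourceArn is not a CloudFront distribution ARN")

        extra = [a for a in actions if a != "s3:GetObject"]
        if extra:
            # Upload-through-CloudFront (ingress) legitimately needs s3:PutObject;
            # anything beyond read deserves a deliberate decision, so surface it.
            findings.append(f"{sid}: grants actions beyond read: {', '.join(extra)}")
    return findings


if __name__ == "__main__":
    hardened = oac_bucket_policy(BUCKET, ACCOUNT_ID, DISTRIBUTION_ID)
    print(json.dumps(hardened, indent=2))
    print("OAC policy findings:", audit_origin_policy(hardened))
    print("Public policy findings:", audit_origin_policy(public_read_policy(BUCKET)))
```

The audit deliberately treats a missing AWS:SourceArn as a finding even though the principal is already restricted to CloudFront: the service principal is shared by every distribution in every account, so the condition is what ties the grant to your distribution.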

CloudFront – ALB or EC2 as an origin

CloudFront vs S3 Cross Region Replication

  • CloudFront
    • Global Edge network
    • Files are cached for a TTL (maybe a day)
    • Great for static content that must be available everywhere
  • S3 Cross Region Replication
    • Must be set up for each region you want replication to happen in
    • Files are updated in near real-time
    • Read only
    • Great for dynamic content that needs to be available at low latency in a few regions

CloudFront Geo Restriction

  • You can restrict who can access your distribution
    • Allowlist: Allow your users to access your content only if they’re in one of the countries on a list of approved countries.
    • Blocklist: Prevent your users from accessing your content if they’re in one of the countries on a list of banned countries.
  • The “country” is determined using a third-party Geo-IP database
  • Use case: Copyright Laws to control access to content

CloudFront – Pricing

  • CloudFront Edge locations are all around the world
  • The cost of data out per edge location varies
  • You can reduce the number of edge locations for cost reduction
  • Three price classes
    • Price Class All: all regions – best performance
    • Price Class 200: most regions, but excludes the most expensive regions
    • Price Class 100: only the least expensive regions

CloudFront – Cache Invalidations

  • If you update the back-end origin, CloudFront doesn’t know about it and will only fetch the refreshed content after the TTL has expired
  • However, you can force an entire or partial cache refresh (thus bypassing the TTL) by performing a CloudFront Invalidation
  • You can invalidate all files (*) or a specific path (/images/*)
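As an added example (not from the original post), the following builds the request that an invalidation call takes, in the shape boto3's cloudfront.create_invalidation() expects: a list of paths plus a unique CallerReference. It validates each path against the two rules that trip people up (paths start with "/", and "*" is allowed only as the last character) and de-duplicates the list. The distribution ID and paths are constructed sample values.

```python
import time
import uuid


def validate_invalidation_path(path):
    """Check one invalidation path against CloudFront's rules and return it.

    Paths are relative to the distribution root and must begin with "/"; the
    only wildcard is "*", which must be the last character of the path.
    """
    if not path.startswith("/"):
        raise ValueError(f"invalidation path must start with '/': {path!r}")
    if "*" in path and (path.count("*") > 1 or not path.endswith("*")):
        raise ValueError(f"'*' may appear only once, as the last character: {path!r}")
    return path


def build_invalidation_request(distribution_id, paths, caller_reference=None):
    """Build the keyword arguments for boto3's cloudfront.create_invalidation().

    Paths are validated and de-duplicated. CallerReference must be unique per
    distinct request: if you resend the same reference with the same paths,
    CloudFront returns the earlier invalidation instead of creating a new one,
    so a deploy identifier or a timestamp plus a UUID is a sensible choice.
    """
    items = []
    for p in paths:
        p = validate_invalidation_path(p)
        if p not in items:
            items.append(p)
    if not items:
        raise ValueError("at least one path is required")
    return {
        "DistributionId": distribution_id,
        "InvalidationBatch": {
            "Paths": {"Quantity": len(items), "Items": items},
            "CallerReference": caller_reference or f"{int(time.time())}-{uuid.uuid4()}",
        },
    }


if __name__ == "__main__":
    # Constructed sample: invalidate everything under /images/ and the home page
    # after a deploy, on a placeholder distribution ID.
    request = build_invalidation_request(
        "E1EXAMPLEDISTID", ["/images/*", "/index.html", "/images/*"], caller_reference="deploy-42"
    )
    print(request)
```

To submit it you would pass the result straight to the client, as in boto3.client("cloudfront").create_invalidation(**request); the function is kept free of network calls so that it can be unit-tested on its own.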

AWS Global Accelerator

  • Leverage the AWS internal network to route to your application.
  • 2 Anycast IPs are created for your application
    • Anycast IP definition: all servers hold the same IP address and the client is routed to the nearest one
  • The Anycast IPs send traffic directly to Edge Locations
  • The Edge Locations send the traffic to your application
  • Works with Elastic IP, EC2 instances, ALB, NLB, public or private
  • Consistent Performance
    • Intelligent routing to lowest latency and fast regional failover
    • No issue with client cache (because the IP doesn’t change)
    • Internal AWS network
  • Health Checks
    • Global Accelerator performs a health check of your applications
    • Helps make your application global (failover less than 1 minute for unhealthy)
    • Great for disaster recovery (thanks to the health checks)
  • Security
    • Only 2 external IPs need to be allowlisted
    • DDoS protection thanks to AWS Shield

AWS Global Accelerator vs CloudFront

  • They both use the AWS global network and its edge locations around the world
  • Both services integrate with AWS Shield for DDoS protection.
  • CloudFront
    • Improves performance for both cacheable content (such as images and videos) and dynamic content (such as API acceleration and dynamic site delivery)
    • Content is served at the edge
  • Global Accelerator
    • Improves performance for a wide range of applications over TCP or UDP
    • Proxying packets at the edge to applications running in one or more AWS Regions
    • Good fit for non-HTTP use cases, such as gaming (UDP), IoT (MQTT), or Voice over IP
    • Good for HTTP use cases that require static IP addresses
    • Good for HTTP use cases that require deterministic, fast regional failover
