Amazon CloudFront is a cloud service that accelerates the distribution of static and dynamic web content, such as .html, .css, .js, and image files, so that end users see the served content faster. Amazon CloudFront delivers content through a worldwide network of data centers called edge locations. When a user makes a request for content that is served by CloudFront, the request is routed to the edge location that provides the least latency (time delay) so that the content is delivered with the best possible performance. Amazon's CloudFront service is used by Hulu station, Slack app, and global company Canon, among others.
Amazon CloudFront accelerates content distribution by routing each user request across AWS network to the edge location that can best serve the content. Typically, this is Amazon CloudFront edge server that provides the fastest delivery to the user. Using the AWS network dramatically reduces the number of networks through which user requests must pass, which improves performance. Users get lower latency - the time it takes for the first byte of a file to load - and higher data transfer rates.
As a Hostersi, we are among the expert organizations of Amazon CloudFront Service Delivery program, which confirms our knowledge and practical experience in implementing projects using Amazon CloudFront service.
Amazon CloudFront is a classic CDN (Content Delivery Network). It gives you greater reliability and availability because copies of your files (also called objects) are now stored (or cached) in multiple edge locations around the world.
If the content is already in the edge location with the lowest latency, Amazon CloudFront delivers it immediately. If the content is not in that edge location, CloudFront retrieves it from a defined source - such as an Amazon S3 bucket, a MediaPackage feed, or an HTTP server (for example, a web server) that has been specified as the source of the final version of the content.
Accelerate the delivery of static site content with AWS CloudFront
A simple approach to storing and delivering static content is to use an Amazon S3 bucket. Using S3 along with CloudFront has many advantages, including the ability to use Origin Access Identity (OAI) to easily restrict access to Amazon S3 content.
Serving video on demand or live video streaming
CloudFront offers several options for streaming media to viewers around the world - both pre-recorded files and live events. For video on demand (VOD) streaming, you can use Amazon CloudFront to stream in popular formats such as MPEG DASH, Apple HLS, Microsoft Smooth Streaming, and CMAF to any device.
For live streaming, you can cache media chunks at the edge, so you can combine multiple requests for a manifest file that delivers the chunks in the correct order to reduce the load on the source server.
Encrypt specific fields during system processing
When you configure HTTPS in Amazon CloudFront, your connections to your source servers are already secure. By adding field-level encryption, in addition to HTTPS security, you can protect specific data during system processing so that only specific applications at the origin can see that data.
To configure field-level encryption, add a public key to the Amazon CloudFront service and then specify the set of fields you want to encrypt with that key. For more information, see Using field-level encryption to protect sensitive data.
Customizing at the edge
Running serverless code at the edge opens up many opportunities to customize content and experiences for viewers, with reduced latency. For example, you can return a custom error message when the source server is down for maintenance, so viewers don't receive a generic HTTP error message. You can also use features to authenticate users and control access to content before CloudFront forwards the request to your source.
Serve private content using [email protected] personalization
Using [email protected] can help you configure your Amazon CloudFront distribution to serve private content from your own custom source, as an option to use signed URLs or signed cookies.
You can use several techniques to restrict access to your source to Amazon CloudFront only, including using CloudFront IP whitelisting in your firewall and using a custom header to carry a shared secret.
Amazon CloudFront seamlessly integrates with Amazon Shield Standard for DDoS mitigation. In addition, CloudFront "negotiates" TLS connections using ciphers with the highest level of security. You can also take advantage of advanced features such as Field-Level Encryption to protect your most sensitive data across your organization. Amazon CloudFront also integrates with Identity and Access Management (IAM) to control access.
Amazon CloudFront - summary
Using a CDN such as Amazon CloudFront to cache and serve static text and images or downloadable objects such as media files and documents is a common strategy to improve website load times, reduce network bandwidth costs, offload web servers, and mitigate DDoS attacks. As Hostersi, we deploy Amazon CloudFront and suggest how to get the most out of said CDN.