Amazon CloudFront

amazon cloudfront

Amazon CloudFront is a cloud service that accelerates the distribution of static and dynamic web content, such as .html, .css, .js, and image files, so that end users see the served content faster. Amazon CloudFront delivers content through a worldwide network of data centers called edge locations. When a user makes a request for content that is served by CloudFront, the request is routed to the edge location that provides the least latency (time delay) so that the content is delivered with the best possible performance. Amazon's CloudFront service is used by Hulu station, Slack app, and global company Canon, among others.

 

Amazon CloudFront accelerates content distribution by routing each user request across AWS network to the edge location that can best serve the content. Typically, this is Amazon CloudFront edge server that provides the fastest delivery to the user. Using the AWS network dramatically reduces the number of networks through which user requests must pass, which improves performance. Users get lower latency - the time it takes for the first byte of a file to load - and higher data transfer rates.

As a Hostersi, we are among the expert organizations of Amazon CloudFront Service Delivery program, which confirms our knowledge and practical experience in implementing projects using Amazon CloudFront service.

amazon cloudfront

Amazon CloudFront is a classic CDN (Content Delivery Network). It gives you greater reliability and availability because copies of your files (also called objects) are now stored (or cached) in multiple edge locations around the world.

If the content is already in the edge location with the lowest latency, Amazon CloudFront delivers it immediately. If the content is not in that edge location, CloudFront retrieves it from a defined source - such as an Amazon S3 bucket, a MediaPackage feed, or an HTTP server (for example, a web server) that has been specified as the source of the final version of the content.

 

Accelerate the delivery of static site content with AWS CloudFront

Amazon CloudFront can accelerate the delivery of static content (e.g. images, stylesheets, JavaScript, etc.) to audiences around the world. Using Amazon CloudFront, you can leverage the AWS backbone and CloudFront edge servers to provide viewers with a fast, secure, and reliable experience when visiting your site.

A simple approach to storing and delivering static content is to use an Amazon S3 bucket. Using S3 along with CloudFront has many advantages, including the ability to use Origin Access Identity (OAI) to easily restrict access to Amazon S3 content.

Serving video on demand or live video streaming

CloudFront offers several options for streaming media to viewers around the world - both pre-recorded files and live events. For video on demand (VOD) streaming, you can use Amazon CloudFront to stream in popular formats such as MPEG DASH, Apple HLS, Microsoft Smooth Streaming, and CMAF to any device.

For live streaming, you can cache media chunks at the edge, so you can combine multiple requests for a manifest file that delivers the chunks in the correct order to reduce the load on the source server.

Encrypt specific fields during system processing

When you configure HTTPS in Amazon CloudFront, your connections to your source servers are already secure. By adding field-level encryption, in addition to HTTPS security, you can protect specific data during system processing so that only specific applications at the origin can see that data.

To configure field-level encryption, add a public key to the Amazon CloudFront service and then specify the set of fields you want to encrypt with that key. For more information, see Using field-level encryption to protect sensitive data.

Customizing at the edge

Running serverless code at the edge opens up many opportunities to customize content and experiences for viewers, with reduced latency. For example, you can return a custom error message when the source server is down for maintenance, so viewers don't receive a generic HTTP error message. You can also use features to authenticate users and control access to content before CloudFront forwards the request to your source.

Serve private content using [email protected] personalization

Using [email protected] can help you configure your Amazon CloudFront distribution to serve private content from your own custom source, as an option to use signed URLs or signed cookies.

You can use several techniques to restrict access to your source to Amazon CloudFront only, including using CloudFront IP whitelisting in your firewall and using a custom header to carry a shared secret.

Security

Amazon CloudFront seamlessly integrates with Amazon Shield Standard for DDoS mitigation. In addition, CloudFront "negotiates" TLS connections using ciphers with the highest level of security. You can also take advantage of advanced features such as Field-Level Encryption to protect your most sensitive data across your organization. Amazon CloudFront also integrates with Identity and Access Management (IAM) to control access.

Amazon CloudFront - summary

Using a CDN such as Amazon CloudFront to cache and serve static text and images or downloadable objects such as media files and documents is a common strategy to improve website load times, reduce network bandwidth costs, offload web servers, and mitigate DDoS attacks. As Hostersi, we deploy Amazon CloudFront and suggest how to get the most out of said CDN.

 

ANY QUESTIONS? CONTACT US

Case Studies
Testimonials

We are very pleased with the cooperation with Hostersi. Their specialists helped us a lot in the process of migration and designing hybrid infrastructure (Amazon Web Services and on premise). We recommend Hostersi team as a reliable and professional partner with great competence in DevOps and Cloud Computing

Zbigniew Ćwikliński
Director of the Customer Relationship and Technology Development Department
Briefly about us
We specialize in IT services such as server solutions architecting, cloud computing implementation and servers management.
We help to increase the data security and operational capacities of our customers.