Amazon CloudFront

Amazon CloudFront is a web service that accelerates the distribution of static and dynamic web content, such as .html, .css, .js, and image files, so that end users see the served content faster. Amazon CloudFront delivers content through a worldwide network of data centers called edge locations. When a user requests content that is served by CloudFront, the request is routed to the edge location that provides the lowest latency (time delay) so that the content is delivered with the best possible performance. Amazon's CloudFront service is used by Hulu, the Slack app, and global company Canon, among others.

Amazon CloudFront accelerates content distribution by routing each user request across the AWS backbone to the edge location that can best serve the content. Typically, this is the Amazon CloudFront edge server that provides the fastest delivery to the viewer. Using the AWS network dramatically reduces the number of networks that user requests must pass through, which improves performance. Users receive lower latency - the time it takes for the first byte of a file to load - and higher data transfer speeds. As Hosters, we are among the expert organizations of the Amazon CloudFront Service Delivery program, which confirms our expertise and practical experience in implementing projects using the Amazon CloudFront service.

Amazon CloudFront is a classic CDN (Content Delivery Network). It offers excellent reliability and availability because copies of your files (also known as objects) are now stored (or cached) in multiple edge locations around the world.

If the content is already in the edge location with the lowest latency, Amazon CloudFront delivers it immediately. If it is not in that edge location, CloudFront retrieves it from a defined source—such as an Amazon S3 bucket, a MediaPackage feed, or an HTTP server (such as a web server) that has been specified as the source of the final content.

Accelerate the delivery of static site content with AWS CloudFront

Amazon CloudFront can accelerate the delivery of static content (e.g. images, stylesheets, JavaScript, etc.) to audiences around the world. Using Amazon CloudFront, you can leverage the AWS backbone network and CloudFront edge servers to provide viewers with a fast, secure, and reliable experience when visiting your site.

A simple approach to storing and delivering static content is to use an Amazon S3 bucket. Using S3 together with CloudFront has many advantages, including the ability to use Origin Access Identity (OAI) to easily restrict access to Amazon S3 content.

Serving video on demand or live-streaming video

CloudFront offers several options for streaming media to viewers around the world, including pre-recorded files and live events. For video-on-demand (VOD) streaming, you can use Amazon CloudFront to stream in popular formats such as MPEG DASH, Apple HLS, Microsoft Smooth Streaming, and CMAF to any device.

For live streaming, media chunks can be cached at the edge so that multiple requests for a manifest file can be combined, which delivers the chunks in the correct order to reduce the load on the source server.

Encryption of specific fields during system processing

Once HTTPS is configured in Amazon CloudFront, connections to source servers are already secure. By adding field-level encryption, you can protect specific data during system processing in addition to HTTPS security, so that only specific applications at the origin can see this data.

To set up field-level encryption, add a public key to the Amazon CloudFront service and then specify the set of fields to be encrypted with that key. For more information, see Using field-level encryption to protect sensitive data.

Customizing at the edge

Running serverless code at the edge opens up many opportunities to customize content and experiences for viewers with reduced latency. For example, you can return a custom error message when the source server is down for maintenance, so viewers don't receive a generic HTTP error message. You can also use features to authorize users and control access to content before CloudFront forwards the request to your source.

Serve private content using Lambda@Edge personalization

Using Lambda@Edge can help you configure your Amazon CloudFront distribution to serve private content from your own custom source, as an option to use signed URLs or signed cookies.

You can use several techniques to restrict access to your source to Amazon CloudFront only, including using CloudFront IP whitelisting in your firewall and using a custom header to carry a shared secret.

Security

Amazon CloudFront integrates seamlessly with Amazon Shield Standard for DDoS mitigation. In addition, CloudFront 'negotiates' TLS connections using the highest level of security ciphers. You can also take advantage of advanced features such as Field-Level Encryption to protect the most sensitive data across your organization. Amazon CloudFront also integrates with Identity and Access Management (IAM) to control access.

Amazon CloudFront - a summary

Using a CDN such as Amazon CloudFront to cache and serve static text and images or downloadable objects such as media files and documents is a common strategy to improve website load times, reduce network bandwidth costs, offload web servers, and mitigate DDoS attacks. As Hosters, we implement Amazon CloudFront and suggest how to best use the aforementioned CDN's capabilities.

ANY Questions? contact us!