CloudFront Overview

  • CloudFront is a web service that speeds up distribution of your static web content, such as .html, .css, .js, and image files, to your users.

  • CloudFront delivers your content through a worldwide network of data centres called edge locations.

  • When a user requests content that you're serving with CloudFront, the user is routed to the edge location that provides the lowest latency (time delay), so that content is delivered with the best possible performance.

  • CloudFront = Static Content.

  • Cross Region Replication = Dynamic Content.

Origin

  • An origin is the location where content is stored, and from which CloudFront gets content to serve to viewers.

  • The following are examples of origins:

    • An S3 bucket.

    • An S3 bucket that is configured with static website hosting.

    • An Elastic Load Balancing load balancer.

    • Any other HTTP server, running on an Amazon EC2 instance or any other kind of host.

Origin Access Identity (OAI)

  • To restrict access to content that you serve from Amazon S3 buckets, follow these steps:

    1. Create a special CloudFront user called an origin access identity (OAI) and associate it with your distribution.

    2. Configure your S3 bucket permissions so that CloudFront can use the OAI to access the files in your bucket and serve them to your users. Make sure that users can’t use a direct URL to the S3 bucket to access a file there.

  • After you take these steps, users can only access your files through CloudFront, not directly from the S3 bucket.
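An added example for step 2 (not part of the original notes): it builds a bucket policy that grants read access only to the OAI, then audits a policy for Allow statements that would still let users reach the bucket directly. The bucket name, OAI ID and function names are hypothetical, and the sample policies are constructed.

```python
import json

OAI_PREFIX = "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity "

def oai_bucket_policy(bucket, oai_id):
    """Bucket policy that lets only the given OAI read objects."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "AllowCloudFrontOAIRead",
            "Effect": "Allow",
            "Principal": {"AWS": OAI_PREFIX + oai_id},
            "Action": "s3:GetObject",
            "Resource": f"arn:aws:s3:::{bucket}/*",
        }],
    }

def _principals(stmt):
    """Flatten a statement's Principal into a list of strings."""
    p = stmt.get("Principal", {})
    if isinstance(p, str):
        return [p]
    out = []
    for value in p.values():
        out.extend([value] if isinstance(value, str) else value)
    return out

def audit_policy(policy, oai_id):
    """Return findings for Allow statements that bypass CloudFront.
    Conservative: Conditions are ignored, so any non-OAI principal is flagged."""
    findings, oai_arn, oai_can_read = [], OAI_PREFIX + oai_id, False
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        for principal in _principals(stmt):
            if principal == oai_arn:
                oai_can_read |= any(a in ("s3:GetObject", "s3:*", "*") for a in actions)
            else:
                findings.append(f"{stmt.get('Sid', '?')}: allows {principal}")
    if not oai_can_read:
        findings.append("OAI has no s3:GetObject grant")
    return findings

# Constructed sample: a leftover public-read statement next to the OAI grant.
good = oai_bucket_policy("example-bucket", "E2EXAMPLE1OAI")
bad = json.loads(json.dumps(good))
bad["Statement"].append({"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
                         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"})
print(audit_policy(good, "E2EXAMPLE1OAI"), audit_policy(bad, "E2EXAMPLE1OAI"))
```

The audit covers the bucket policy only; object ACLs can also grant public read, so they need a separate check.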

Geo restriction

  • You can use geo restriction, also known as geo blocking, to prevent users in specific geographic locations from accessing content that you're distributing through a CloudFront web distribution.
