Quick Reference Study Notes for AWS CloudFront (Foundation)

Amazon CloudFront

Amazon CloudFront is a web service that speeds up distribution of your static and dynamic web content, such as .html, .css, .js, and image files, as well as audio, video, and media files, to your users. CloudFront delivers your content through a worldwide network of data centers called edge locations.

A Content Delivery Network (CDN) is a globally distributed network of caching servers that speeds up the downloading of web pages and other content. CDNs use Domain Name System (DNS) geo-location to determine the geographic location of each request for a web page or other content, then they serve that content from the edge caching servers closest to that location instead of from the original web server.

There are three core concepts that you need to understand in order to start using CloudFront:

  1. Distribution.

  2. Origins.

  3. Cache Control.

With these concepts, you can easily use CloudFront to speed up delivery of static content from your websites.


  1. Distribution:

To use Amazon CloudFront, you start by creating a distribution, which is identified by a DNS domain name such as e1111111abcdef8.cloudfront.net. To serve files from Amazon CloudFront, you can simply use the distribution domain name in place of your website's domain name; the rest of the file paths stay unchanged. You can use the Amazon CloudFront distribution domain name as it is, or you can create a user-friendly DNS name in your own domain by creating a CNAME record in Amazon Route 53 or any other DNS service. The CNAME is automatically redirected to your CloudFront distribution name.

  2. Origin:

When you create a distribution, you must specify the DNS domain name of the origin: the Amazon S3 bucket or HTTP server from which you want Amazon CloudFront to get the definitive version of your objects (web files). Examples:

→ Amazon S3 bucket: myawsbucket.s3.amazonaws.com

→ Amazon EC2 instance: ec2-

→ Elastic Load Balancing load balancer: my-load-balancer-9876543210.us-west-2.elb.amazonaws.com

→ Website URL: mywebserver.mycompanydomain.com

  3. Cache control:

Once requested and served from an edge location, objects stay in the cache until they expire or are evicted to make room for more frequently requested content.

By default, objects expire from the cache after 24 hours. Once an object expires, the next request results in Amazon CloudFront forwarding the request to the origin to verify that the object is unchanged or to fetch a new version if it has been changed.


Optionally, you can control how long objects stay in Amazon CloudFront cache before expiring. To do this, you can choose to use Cache-Control headers set by your origin server or you can set the minimum, maximum and default Time to Live (TTL) for objects in your Amazon CloudFront distribution.
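How the minimum, default and maximum TTL combine with the origin's Cache-Control header, as an added example (not part of the original notes) that models CloudFront's documented TTL rules. It also flags the case a defender cares about: a minimum TTL above 0 makes the edge cache responses the origin marked private or no-store. The function names, the one-year maximum and the sample responses are assumptions of this example.

```python
def effective_ttl(cache_control, min_ttl=0, default_ttl=86400, max_ttl=31536000):
    """Seconds an edge keeps an object for a given origin Cache-Control value.

    Simplified model: the Expires header is ignored. TTL defaults are
    parameters of this example (default_ttl matches the 24 hours above).
    """
    directives = {}
    for part in (cache_control or "").split(","):
        name, _, value = part.strip().lower().partition("=")
        if name:
            directives[name] = value.strip('"')
    # Origin asked shared caches not to store or reuse the response.
    if directives.keys() & {"no-cache", "no-store", "private"}:
        return min_ttl  # 0 honours the origin; > 0 caches anyway
    # s-maxage targets shared caches, so it wins over max-age.
    for key in ("s-maxage", "max-age"):
        if directives.get(key, "").isdigit():
            return max(min_ttl, min(int(directives[key]), max_ttl))
    # No usable directive: default TTL, never below the minimum.
    return max(default_ttl, min_ttl)


def cached_despite_origin(cache_control, min_ttl):
    """True when a private/no-cache/no-store response would still be cached."""
    marked = {"no-cache", "no-store", "private"}
    names = {p.strip().lower().partition("=")[0]
             for p in (cache_control or "").split(",")}
    return bool(names & marked) and effective_ttl(cache_control, min_ttl=min_ttl) > 0


# Constructed sample responses: (path, Cache-Control sent by the origin)
SAMPLES = [
    ("/css/site.css", "public, max-age=604800"),
    ("/account/profile", "private, no-store"),
    ("/index.html", None),
]

if __name__ == "__main__":
    for path, cc in SAMPLES:
        print(path, effective_ttl(cc, min_ttl=300), cached_despite_origin(cc, 300))
```
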

You can also remove copies of an object from all Amazon CloudFront edge locations at any time by calling the invalidation Application Program Interface (API). This feature removes the object from every Amazon CloudFront edge location regardless of the expiration period you set for that object on your origin server.

Use Cases:

Serving the Static Assets of Popular Websites

Static assets such as images, CSS and JavaScript traditionally make up the bulk of requests to typical websites. Using Amazon CloudFront will speed up the user experience and reduce the load on the website itself.

Serving a Whole Website or Web Application

Amazon CloudFront can serve a whole website containing both dynamic and static content.

Serving Content to Users Who Are Widely Distributed Geographically

Amazon CloudFront will improve site performance, especially for distant users, and reduce the load on your origin server.

Distributing Software or Other Large Files

Amazon CloudFront will help speed up the download of these files to end users.

Serving Streaming Media

Amazon CloudFront helps serve streaming media, such as audio and video.

All or Most Requests Come From a Single Location

If all or most of your requests come from a single geographic location, such as a large corporate campus, you will not take advantage of multiple edge locations.

All or Most Requests Come Through a Corporate VPN

Similarly, if your users connect via a corporate Virtual Private Network (VPN), even if they are distributed, user requests appear to CloudFront to originate from one or a few locations. These use cases will generally not see benefits from using Amazon CloudFront.

Whole Website

Using cache behaviors and multiple origins, you can easily use Amazon CloudFront to serve your whole website and to support different behaviors for different client devices.

Private Content

In many cases, you may want to restrict access to content in Amazon CloudFront to only selected requestors, such as paid subscribers or applications or users in your company network. Amazon CloudFront provides several mechanisms that allow you to serve private content.

Signed URLs

Use URLs that are valid only between certain times and optionally from certain IP addresses.
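The time window and IP restriction described above are expressed in the custom policy that a signed URL carries. The added example below (not part of the original notes) builds such a policy and evaluates its conditions locally, which is useful for checking a policy before it is issued. It does not produce the RSA signature; the function names and sample values are assumptions of this example.

```python
import base64
import ipaddress
import json
import re


def build_custom_policy(resource, not_after, not_before=None, source_cidr=None):
    """CloudFront custom policy JSON; times are Unix epoch seconds."""
    condition = {"DateLessThan": {"AWS:EpochTime": not_after}}
    if not_before is not None:
        condition["DateGreaterThan"] = {"AWS:EpochTime": not_before}
    if source_cidr is not None:
        condition["IpAddress"] = {"AWS:SourceIp": source_cidr}
    policy = {"Statement": [{"Resource": resource, "Condition": condition}]}
    return json.dumps(policy, separators=(",", ":"))  # no whitespace


def url_safe_b64(data):
    """Base64 with CloudFront's substitutions: + to -, = to _, / to ~."""
    return base64.b64encode(data).decode().translate(str.maketrans("+=/", "-_~"))


def policy_allows(policy_json, url, now, client_ip):
    """Evaluate the policy's conditions for one request (signature not checked)."""
    stmt = json.loads(policy_json)["Statement"][0]
    cond = stmt["Condition"]
    # In Resource, * matches zero or more characters and ? exactly one.
    pattern = re.escape(stmt["Resource"]).replace(r"\*", ".*").replace(r"\?", ".")
    if not re.fullmatch(pattern, url):
        return False
    if now >= cond["DateLessThan"]["AWS:EpochTime"]:
        return False  # expired
    start = cond.get("DateGreaterThan", {}).get("AWS:EpochTime")
    if start is not None and now <= start:
        return False  # not yet valid
    cidr = cond.get("IpAddress", {}).get("AWS:SourceIp")
    if cidr and ipaddress.ip_address(client_ip) not in ipaddress.ip_network(cidr):
        return False  # wrong source network
    return True


# Constructed sample: one-hour window, documentation IP range.
POLICY = build_custom_policy(
    "https://e1111111abcdef8.cloudfront.net/private/*",
    not_after=1700003600, not_before=1700000000, source_cidr="192.0.2.0/24")

if __name__ == "__main__":
    print(POLICY)
    print("Policy=" + url_safe_b64(POLICY.encode()))
```
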

Signed Cookies

Require authentication via a public and private key pair.

Origin Access Identities (OAI)

Restrict access to an Amazon S3 bucket only to a special Amazon CloudFront user associated with your distribution. This is the easiest way to ensure that content in a bucket is only accessed by Amazon CloudFront.
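An OAI only protects the bucket if no other statement in the bucket policy grants access. The added example below (not part of the original notes) audits a bucket policy and reports every Allow statement whose principal is anything other than a CloudFront OAI. The function name, the OAI id placeholder and the sample policies are constructed for illustration.

```python
import json

# ARN prefix AWS uses for an origin access identity principal.
OAI_PREFIX = "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity "


def non_oai_allows(bucket_policy_json):
    """Return (sid, principals) for Allow statements not limited to an OAI.

    Assumes "Statement" is a list. An OAI given as a CanonicalUser id is
    reported too, so it can be reviewed by hand.
    """
    findings = []
    statements = json.loads(bucket_policy_json).get("Statement", [])
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        if isinstance(principal, str):
            principals = [principal]  # e.g. "*" (anyone)
        else:
            principals = []
            for kind, val in (principal or {}).items():
                vals = [val] if isinstance(val, str) else val
                principals += [v if kind == "AWS" else f"{kind}:{v}" for v in vals]
        bad = [p for p in principals if not p.startswith(OAI_PREFIX)]
        if bad or not principals:
            findings.append((stmt.get("Sid", f"statement[{i}]"), bad))
    return findings


# Constructed policies; EXAMPLEOAIID is a placeholder, not a real identity.
OAI_ONLY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "AllowCloudFrontOAI", "Effect": "Allow",
    "Principal": {"AWS": OAI_PREFIX + "EXAMPLEOAIID"},
    "Action": "s3:GetObject",
    "Resource": "arn:aws:s3:::myawsbucket/*"}]})

WITH_PUBLIC_READ = json.dumps({"Version": "2012-10-17", "Statement": [
    json.loads(OAI_ONLY)["Statement"][0],
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::myawsbucket/*"}]})

if __name__ == "__main__":
    print(non_oai_allows(OAI_ONLY))
    print(non_oai_allows(WITH_PUBLIC_READ))
```
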

*NOTE : "This study material is collected from multiple sources to make a quick refresh course available to students."

