What is Amazon CloudFront?
Amazon CloudFront is a Content Delivery Network (CDN) service that delivers data, videos, APIs, and web content with low latency and high transfer speeds via a global network of edge locations.
- It caches content at edge locations
- Improves speed, scalability, and performance
- Supports static and dynamic content
CloudFront Architecture
Key Components:
Component | Description |
---|---|
Edge Locations | Global cache servers that serve content to users |
Regional Edge Caches | Act as a middle layer between Edge and Origin |
Origin Server | The actual server hosting your original content |
Distribution | A CloudFront setup defining origin, behaviors, etc. |
Cache Behavior | Defines routing rules and caching behavior |
Flow:
- User requests content via a CloudFront URL
- CloudFront checks edge cache
- If not present, fetches from origin (S3, EC2, ALB, etc.)
- Response is cached and served to future users
S3 as Origin
CloudFront + S3 is commonly used for static website hosting or serving large files.
Benefits:
- Low-cost object storage + fast CDN delivery
- Signed URLs and cookies for security
- Can serve public and private content
Origin settings:
- Origin Type: S3 bucket
- Restrict bucket access: Yes (recommended) using OAI or OAC
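Restricting bucket access only helps if the bucket policy really limits reads to your distribution. The following added example (not code from the original page) audits a bucket policy for that; the account ID, distribution ID, bucket name and statement Sids are constructed placeholders, and the verdict labels are this example's own.

```python
import json

CF_SERVICE = "cloudfront.amazonaws.com"
OAI_PREFIX = "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity "
READ_ACTIONS = {"s3:GetObject", "s3:*", "*"}

def _as_list(value):
    """Policy fields may hold a single value or a list of values."""
    return value if isinstance(value, list) else [value]

def classify(stmt, distribution_arn):
    """Classify who one Allow statement lets read objects."""
    principal = stmt.get("Principal")
    if not isinstance(principal, dict):
        return "wildcard" if principal == "*" else "other"
    aws = _as_list(principal.get("AWS", []))
    if "*" in aws:
        return "wildcard"
    if aws and all(p.startswith(OAI_PREFIX) for p in aws):
        return "oai"
    if CF_SERVICE in _as_list(principal.get("Service", [])):
        # OAC grant: it must be pinned to one distribution via AWS:SourceArn,
        # otherwise it is not tied to your distribution (only StringEquals is checked).
        equals = stmt.get("Condition", {}).get("StringEquals", {})
        arns = [a for k, v in equals.items() if k.lower() == "aws:sourcearn" for a in _as_list(v)]
        return "oac" if arns == [distribution_arn] else "cloudfront-unscoped"
    return "other"

def audit_bucket_policy(policy, distribution_arn):
    """Return (Sid, verdict) for every Allow statement that grants object reads."""
    findings = []
    for stmt in _as_list(policy["Statement"]):
        if stmt.get("Effect") == "Allow" and READ_ACTIONS & set(_as_list(stmt.get("Action", []))):
            findings.append((stmt.get("Sid", "<no Sid>"), classify(stmt, distribution_arn)))
    return findings

# Constructed sample: placeholder account ID, distribution ID and bucket name.
DIST_ARN = "arn:aws:cloudfront::111122223333:distribution/EXAMPLEDISTID"
SAMPLE_POLICY = json.loads("""{"Version": "2012-10-17", "Statement": [
 {"Sid": "OAC", "Effect": "Allow", "Principal": {"Service": "cloudfront.amazonaws.com"},
  "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*",
  "Condition": {"StringEquals": {"AWS:SourceArn": "arn:aws:cloudfront::111122223333:distribution/EXAMPLEDISTID"}}},
 {"Sid": "AnyDistribution", "Effect": "Allow", "Principal": {"Service": "cloudfront.amazonaws.com"},
  "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
 {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
  "Action": ["s3:GetObject"], "Resource": "arn:aws:s3:::example-bucket/*"}]}""")

if __name__ == "__main__":
    for sid, verdict in audit_bucket_policy(SAMPLE_POLICY, DIST_ARN):
        print(f"{sid}: {verdict}")
```

Anything other than a single "oac" or "oai" verdict means the bucket can be read without going through your distribution and should be reviewed.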
Application Load Balancer (ALB) as Origin
Use ALB when serving dynamic content behind microservices or containerized apps.
Example Setup:
- ALB → Targets EC2/ECS containers
- CloudFront caches cacheable portions (headers, images)
- Supports HTTPS at edge + compression
Useful for: web apps, APIs, custom authentication
EC2 as Origin
You can directly configure EC2 instances as CloudFront origins for:
- Custom-built applications
- Legacy systems
- Temporary sites
Make sure:
- EC2 is publicly accessible
- Cache headers (e.g., Cache-Control) are well-configured
Geo Restrictions
Control who can access your content based on their geographic location.
Two types:
- Whitelist: Allow only specified countries
- Blacklist: Block specific countries
Managed via CloudFront Geo Restriction settings
Based on IP geo-database provided by AWS
CloudFront Pricing Overview
Component | Billed For |
---|---|
Data Transfer Out | Based on GBs transferred from edge locations |
Requests | Number of HTTP/HTTPS requests |
Invalidation Requests | First 1,000 paths/month free; then $0.005 ea |
Field-Level Encryption | Additional charge |
Tip: Use AWS Pricing Calculator for custom estimates
Cache Invalidation
Sometimes you need to remove outdated content from edge locations.
Options:
- Invalidate specific file: /images/logo.png
- Invalidate wildcard: /docs/*
Use the AWS Console, CLI, or SDK.
Notes:
- First 1,000 invalidations/month are free
- Invalidation is not deletion at the origin; it only removes content from the edge cache
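As an added example (not code from the original page), the sketch below builds the InvalidationBatch structure that boto3's create_invalidation call expects, drops paths already covered by a wildcard in the same batch, and estimates cost from the figures in the pricing table above. The helper names are hypothetical and the sample paths are constructed.

```python
import time

FREE_PATHS_PER_MONTH = 1000    # figure from this page's pricing table
PRICE_PER_EXTRA_PATH = 0.005   # USD per path, from this page's pricing table

def covers(pattern, path):
    """True if an invalidation path covers `path` (only a trailing '*' is handled)."""
    if pattern.endswith("*"):
        return path.startswith(pattern[:-1])
    return pattern == path

def build_batch(paths, caller_reference=None):
    """Validate and de-duplicate paths; return an InvalidationBatch dict."""
    unique = list(dict.fromkeys(paths))   # drop exact duplicates, keep order
    for p in unique:
        if not p.startswith("/"):         # the API expects a leading '/'
            raise ValueError(f"invalidation path must start with '/': {p!r}")
    wildcards = [p for p in unique if p.endswith("*")]
    # A path already covered by a wildcard in the same batch is redundant.
    items = [p for p in unique if not any(w != p and covers(w, p) for w in wildcards)]
    return {
        "Paths": {"Quantity": len(items), "Items": items},
        # CallerReference identifies the request and guards against resubmission.
        "CallerReference": caller_reference or str(time.time_ns()),
    }

def estimate_cost(paths_in_batch, paths_used_this_month):
    """USD cost of a batch; a wildcard entry counts as a single path."""
    free_left = max(0, FREE_PATHS_PER_MONTH - paths_used_this_month)
    billable = max(0, paths_in_batch - free_left)
    return round(billable * PRICE_PER_EXTRA_PATH, 3)

def would_invalidate(batch, cached_paths):
    """Which of the given edge-cached paths the batch would purge."""
    items = batch["Paths"]["Items"]
    return [c for c in cached_paths if any(covers(p, c) for p in items)]

if __name__ == "__main__":
    # Constructed sample paths.
    batch = build_batch(["/images/logo.png", "/docs/*", "/docs/guide.html", "/images/logo.png"])
    print(batch["Paths"], estimate_cost(batch["Paths"]["Quantity"], 0))
    # To submit: boto3.client("cloudfront").create_invalidation(
    #     DistributionId="<distribution id>", InvalidationBatch=batch)
```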
Summary
Feature | Description |
---|---|
CloudFront CDN | Globally distributed content delivery |
Origins | S3, EC2, ALB, etc. |
Geo Restriction | Block or allow access by country |
Pricing | Pay-as-you-go for bandwidth, requests, etc. |
Cache Invalidation | Purge specific content from the CDN cache |
Amazon CloudFront Pricing Classes (Price Classes)
Price Classes in CloudFront let you control CDN costs by choosing which edge locations your content will be delivered from.
This impacts both performance and pricing.
Available Price Classes
Price Class | Edge Locations Used | Cost | Use Case |
---|---|---|---|
Price Class 100 | Only US, Canada, and Europe | Lowest | Budget-focused apps in Western regions |
Price Class 200 | Includes Class 100 + Asia + Middle East + Africa | Medium | Wider reach with balanced cost |
Price Class All | All AWS edge locations worldwide | Highest | Best performance for global apps |
How to Set It
You can set the price class when creating/editing a distribution:
- AWS Console → CloudFront → Create Distribution → Settings → Price Class
Example:
Tip:
If your users are mainly from North America and Europe, Price Class 100 is cost-effective.
If you're targeting global users and want lowest latency, go for Price Class All.
Summary
Class | Regions Covered | Best For |
---|---|---|
100 | US, Canada, Europe | Cost-saving with regional traffic |
200 | Global (except S. America & Oceania) | Mid-range balance of cost + reach |
All | All global locations | Best performance worldwide |
1. Unicast IP
Definition:
A Unicast IP address refers to a single, unique destination on a network. When a packet is sent to a unicast address, it's delivered to only one specific host.
In AWS:
- All EC2 public/private IPs, ELB IPs, and ENIs use unicast routing
- Packets travel from sender → specific instance or service
Characteristics:
- One-to-one communication
- Traditional IP addressing model
- Predictable routing path
2. Anycast IP
Definition:
An Anycast IP address is shared across multiple nodes, and traffic is routed to the nearest (or best) instance of the address based on routing metrics like latency, geography, or health.
In AWS:
Used primarily in global services like:
- Amazon Route 53
- AWS Global Accelerator
- CloudFront edge locations
These services advertise the same IP address from multiple AWS edge locations using BGP (Border Gateway Protocol).
Characteristics:
- One-to-nearest communication
- Improves latency, redundancy, and failover
- Same IP reachable from different locations
Unicast vs Anycast (Table)
Feature | Unicast IP | Anycast IP |
---|---|---|
Scope | One-to-one | One-to-nearest |
Usage in AWS | EC2, ALB, NLB, VPC, ENIs | Route 53, Global Accelerator, CloudFront |
Failover | Handled manually (e.g., ASG, Route 53) | Automatic redirection to nearest healthy endpoint |
IP Assignment | Unique per device | Shared among multiple endpoints |
Routing | Static or dynamic | Dynamic via BGP based on network metrics |
Best For | App servers, internal comms | Global apps, low latency, fast failover |
Real-World AWS Examples
Service | Uses Unicast or Anycast? |
---|---|
EC2 | Unicast |
Application Load Balancer | Unicast |
Amazon Route 53 | Anycast |
AWS Global Accelerator | Anycast |
Amazon CloudFront | Anycast |