Amazon CloudFront Cheat Sheet » –

Amazon CloudFront Cheat Sheet » –

Amazon CloudFront

  • Is a Content Delivery Network (CDN) service to help increase performance and experiences for user by speeding up distribution of static and dynamic web content.
  • Deliver contents via world wide data centers called Edge locations. When the user requests to a content, the request will go to the Edge location first, the location is very near user to have better speed and performance instead of going to origin.
  • Benefits is lowest latency and best possible performance.
  • If the content is not in Edge Location, CloudFront will ask Regional Edge Cache Location. If the content is still not existing in Regional Edge, it will go to Origin to get the data.

How CloudFront Work?

  • Origin servers is your data sources, you need to specific this step and CloudFront will get our files and distribute from CloudFront edge locations over the world.
  • The files in your Origin servers are called object.
  • CloudFront Distribution is a configuration to tell CloudFront which is your origin servers when a new request from user to reach. In the meantime, you can also configure the way to cache your content, whether you want CloudFront to log all your requests or whether you want CloudFront to log the requests asap.
  • Each CloudFront Distribution has a domain name and you can see it from CloudFront Console.
  • CloudFront supports HTTP protocol and WebSocket protocol
  • Using [email protected] can help CloudFront customize the calculation on the content in many ways before delivering.
  • CloudFront Regional Edge Cache location is new feature of CloudFront allows to cache more content to your users, even the content is not popular to store in Edge Location. This can improve performance for the content instead of going back to Origin and get it.
  • CloudFront Origin Server types:
    • Amazon S3 bucket
    • MediaPackage channel
    • HTTP Server such as EC2 web server
  • Objects are cached by 24 hours default. You can invalidate this before expired time.
  • Support to compress files.
  • You can use distributions to serve the following content over HTTP or HTTPS:
    • Static and dynamic content
    • Video on demand (Apache HTTP Live Streaming HLS and Microsoft Smooth Streaming)
    • A live event, such as meeting, conference in real time
  • Values ​​that you can configure for a distribution:
    • Delivery method: Web or RTMP
    • Origin settings – information one or more locations where you store your origin contents (up to 25).
    • Cache behavior setting – caching behavior when given URL path pattern for files on your website.
    • Custom error page and error caching
    • Restriction – you can configure the allow to allow some users from countries to access your content, and deny list to deny access from some countries.
  • CloudFront provides policies to configure the cache behavior. You can use pre-made by AWS or custom by your own. These policies to help you configure the cache TTL settings, cache key contents, and compression settings.
  • You can choose HTTPS with CloudFront in both ways:
    • Between viewers and CloudFront
    • Between CloudFront and Origin


  • Use AWS Config to see the CloudFront distributions setting changes.
  • CloudFront can integrate with CloudWatch to monitor websites or applications
  • Capture API requests with CloudTrail. CloudFront is global service, Cloudtrail is Region service. To view CloudFront requests in CloudTrail logs, you must update an existing trail to include global services.


  • CloudFront, WAF, Shield and Route 53 are working seamlessly and be a good friends to bring higher security to defense multiple attacks including network and application (layer 4 and layer 7) DDoS attacks.
  • You can deliver your content, APIs or application via SSL/TLS, and advanced SSL features is enabled automatically.
  • From Geo-restriction capability, you can restrict users from some geographic locations from accessing your content distributed by CloudFront.
  • Origin Access Identity – restrict access to an Amazon S3 bucket, you can only access from CloudFront. This is make sure you leverage the benefits of CloudFront security and other AWS Services such as: WAF, Shield for higher security.
  • Field Level Encryption is a feature of CloudFront that allows to secure some sensitive information such as credit card number to your origin servers.
  • Compliant with PCIDSS, HIPAA, SOC measures.


  • Data transfer out
    • serving objects from edge locations
    • submitting data to your origins
  • Charge for other origin such as S3 storage…
  • HTTP / HTTPS requests
  • Charge for requests with field-level-encryption enabled.
  • Data transfer out from Origin to Edge Location is free of charge.
  • AWS has a free tier for CloudFront


  • Data transfer rate per distribution: 150 Gbps
  • Requests per second per distribution: 250K
  • Files that you can serve per distribution: No quota
  • Maximum length of request, including header and query string, but not including content: 20,480 bytes
  • Maximum length of a URL: 8,192 bytes
  • Web distribution per AWS account: 200
  • Maximum file size for HTTP GET, PUT, POST request: 20GB
  • Response timeout per origin: 1-60 seconds
  • Connection timeout per origin: 1-10 seconds
  • Connection attempts per origin: 1-3
  • File size compression: 1K to 10M bytes
  • Alternate domain names CNAMEs per distribution: 100
  • Origins per distribution: 25
  • Origin group per distribution: 10
  • Origin access identity per account: 100
  • Cache behavior per distribution: 25
  • RMTP distributions per account: 100
  • Request timeout: 30 seconds


Leave a Reply