AWS CloudFront

AWS CloudFront is a CDN (Content Delivery Network). It retrieves data from an Amazon S3 bucket and distributes it to multiple data center locations, delivering it through a network of data centers called edge locations. When a user requests data, the request is routed to the nearest edge location, resulting in the lowest latency, low network traffic, and fast access to data.

AWS CloudFront is a globally distributed network offered by Amazon Web Services that securely transfers content such as software, SDKs, and videos to clients at high transfer speeds.

CloudFront offers the most advanced security capabilities, including field level encryption and HTTPS support, seamlessly integrated with AWS Shield, AWS Web Application Firewall and Route 53 to protect against multiple types of attacks including network and application layer DDoS attacks. These services co-reside at edge networking locations – globally scaled and connected via the AWS network backbone – providing a more secure, performant, and available experience for your users.

CloudFront works seamlessly with any AWS origin, such as Amazon S3, Amazon EC2, Elastic Load Balancing (ELB), or with any custom HTTP origin. You can customize your content delivery through CloudFront using the secure and programmable edge computing feature AWS Lambda@Edge.

  • Content Delivery Network (CDN)
  • Improves read performance, content is cached at the edge
  • 216 Points of Presence globally (edge locations) as of now.
  • DDoS protection, integration with Shield, AWS Web Application Firewall
  • Can expose external HTTPS and can talk to internal HTTPS backends

CloudFront – Origins

S3 bucket:

  • For distributing files and caching them at the edge
  • Enhanced security with CloudFront Origin Access Identity (OAI)
  • CloudFront can be used as an ingress (to upload files to S3)

Custom Origin (HTTP):

  • Application Load Balancer (ALB)
  • EC2 instance
  • S3 website (must first enable the bucket as a static S3 website)
  • Any HTTP backend you want

CloudFront Geo Restriction:

  • You can restrict who can access your distribution
  • Whitelist: Allow your users to access your content only if they’re in one of the countries on a list of approved countries.
  • Blacklist: Prevent your users from accessing your content if they’re in one of the countries on a blacklist of banned countries.
  • The “country” is determined using a 3rd party Geo-IP database
  • Use case: Copyright Laws to control access to content
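The origin and geo restriction settings above can be checked mechanically. The following is an added example, not part of the original post: it audits a constructed dictionary shaped like a CloudFront DistributionConfig for S3 origins without an OAI, plain-HTTP paths, and whitelist entries outside an approved set. The sample values and the `audit_distribution` helper are assumptions made for illustration, and only the default cache behavior is inspected.

```python
# Constructed sample shaped like a CloudFront DistributionConfig (all values invented).
SAMPLE = {
    "Origins": {"Items": [
        {"Id": "assets-s3", "S3OriginConfig": {"OriginAccessIdentity": ""}},
        {"Id": "api-alb", "CustomOriginConfig": {"OriginProtocolPolicy": "http-only"}},
    ]},
    "DefaultCacheBehavior": {"ViewerProtocolPolicy": "allow-all"},
    "Restrictions": {"GeoRestriction": {"RestrictionType": "whitelist",
                                        "Quantity": 3, "Items": ["US", "CA", "BR"]}},
}


def audit_distribution(cfg, approved_countries=None):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    for origin in cfg.get("Origins", {}).get("Items", []):
        s3 = origin.get("S3OriginConfig")
        # An S3 origin without an OAI means the bucket must be readable some other way.
        if s3 is not None and not s3.get("OriginAccessIdentity"):
            findings.append(f"{origin['Id']}: S3 origin has no Origin Access Identity")
        custom = origin.get("CustomOriginConfig")
        if custom is not None and custom.get("OriginProtocolPolicy") != "https-only":
            findings.append(f"{origin['Id']}: edge-to-origin traffic may use plain HTTP")
    viewer = cfg.get("DefaultCacheBehavior", {}).get("ViewerProtocolPolicy")
    if viewer == "allow-all":
        findings.append("default behavior: viewers may use plain HTTP")
    if approved_countries is not None:
        geo = cfg.get("Restrictions", {}).get("GeoRestriction", {})
        if geo.get("RestrictionType", "none") != "whitelist":
            findings.append("geo restriction: no whitelist configured")
        else:
            # Countries on the distribution's whitelist that nobody approved.
            extra = sorted(set(geo.get("Items", [])) - set(approved_countries))
            if extra:
                findings.append(f"geo restriction: unapproved countries {extra}")
    return findings


if __name__ == "__main__":
    for finding in audit_distribution(SAMPLE, approved_countries={"US", "CA"}):
        print(finding)
```
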

CloudFront vs S3 Cross Region Replication:

CloudFront:

  • Global Edge network
  • Files are cached for a TTL (maybe a day)
  • Great for static content that must be available everywhere

S3 Cross Region Replication:

  • Must be set up for each region you want replication to happen
  • Files are updated in near real-time
  • Read only
  • Great for dynamic content that needs to be available at low-latency in a few regions

CloudFront Signed URL / Signed Cookies:

  • You want to distribute paid shared content to premium users all over the world
  • We can use CloudFront Signed URL / Cookie. We attach a policy with:
      • Includes URL expiration
      • Includes IP ranges to access the data from
      • Trusted signers (which AWS accounts can create signed URLs)
  • How long should the URL be valid for?
      • Shared content (movie, music): make it short (a few minutes)
      • Private content (private to the user): you can make it last for years

Signed URL = access to individual files (one signed URL per file)

Signed Cookies = access to multiple files (one signed cookie for many files)
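The policy attached to a signed URL or cookie can be made concrete. The following is an added example, not part of the original post: it builds a CloudFront custom policy with an expiry and a source IP range, encodes it with CloudFront's URL-safe base64 substitutions, and evaluates sample requests against it. The `rsa_sha1_sign` callable, the `cdn.example.com` host and the key-pair ID are assumptions; in real use the callable signs with the trusted signer's private key.

```python
import base64
import ipaddress
import json
import re

_TO_CF = str.maketrans("+=/", "-_~")    # CloudFront's URL-safe base64 substitutions
_FROM_CF = str.maketrans("-_~", "+=/")


def build_custom_policy(resource, expires_epoch, source_cidr=None):
    """Return the compact JSON policy; resource may contain * and ? wildcards."""
    condition = {"DateLessThan": {"AWS:EpochTime": int(expires_epoch)}}
    if source_cidr:
        ipaddress.ip_network(source_cidr)  # ValueError on a malformed range
        condition["IpAddress"] = {"AWS:SourceIp": source_cidr}
    policy = {"Statement": [{"Resource": resource, "Condition": condition}]}
    return json.dumps(policy, separators=(",", ":"))  # no whitespace


def cf_b64(data):
    return base64.b64encode(data).decode().translate(_TO_CF)


def cf_b64_decode(text):
    return base64.b64decode(text.translate(_FROM_CF))


def sign_url(url, policy_json, key_pair_id, rsa_sha1_sign):
    """Append Policy, Signature and Key-Pair-Id; the signature covers the policy bytes."""
    signature = rsa_sha1_sign(policy_json.encode())  # assumed: RSA-SHA1 signer callable
    sep = "&" if "?" in url else "?"
    return (f"{url}{sep}Policy={cf_b64(policy_json.encode())}"
            f"&Signature={cf_b64(signature)}&Key-Pair-Id={key_pair_id}")


def policy_allows(policy_json, url, now_epoch, client_ip):
    """Model of the decision for one request: resource, expiry, then source IP."""
    statement = json.loads(policy_json)["Statement"][0]
    cond = statement["Condition"]
    pattern = re.escape(statement["Resource"]).replace(r"\*", ".*").replace(r"\?", ".")
    if not re.fullmatch(pattern, url):
        return False
    if now_epoch >= cond["DateLessThan"]["AWS:EpochTime"]:
        return False  # expired
    cidr = cond.get("IpAddress", {}).get("AWS:SourceIp")
    return cidr is None or ipaddress.ip_address(client_ip) in ipaddress.ip_network(cidr)
```

A wildcard resource such as `https://cdn.example.com/premium/*` is what lets one policy cover many files, which is the signed-cookie case; botocore's `CloudFrontSigner` accepts a signer callable of the same shape for production use.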

Benefits of AWS CloudFront:

It will cache your content in edge locations and decrease the workload, thus resulting in high availability of applications.

It is simple to use and ensures productivity enhancement.

It provides high security with the ‘Content Privacy’ feature.

It facilitates GEO targeting service for content delivery to specific end-users.

It uses HTTP or HTTPS protocols for quick delivery of content.

It is less expensive, as it only charges for the data transfer.

Features of CloudFront

Fast − CloudFront's broad network of edge locations caches copies of content close to end users, which results in lower latency, high data transfer rates and low network traffic. All of this makes CloudFront fast.

Simple − It is easy to use.

Can be used with other AWS Services − Amazon CloudFront is designed in such a way that it can be easily integrated with other AWS services, like Amazon S3, Amazon EC2.

Cost-effective − Using Amazon CloudFront, we pay only for the content that we deliver through the network, without any hidden charges and no up-front fees.

Elastic − Using Amazon CloudFront, we need not worry about maintenance. The service automatically responds if any action is needed, in case the demand increases or decreases.

Reliable − Amazon CloudFront is built on Amazon’s highly reliable infrastructure, i.e. its edge locations will automatically re-route the end users to the next nearest location, if required in some situations.

Global − Amazon CloudFront uses a global network of edge locations located in most of the regions.

Amazon CloudFront Pricing

With the AWS free tier, during the 12 months after your account was created, AWS provides 50GB of free outbound data transfer and 2 million free HTTP/HTTPS requests to your CloudFront distributions per month. The free tier also includes 1,000 free invalidation requests per month. This is generally enough to experiment with using CloudFront but insufficient for production use.

In some edge locations around the world, for example in South America and Australia, data transfer pricing can be significantly higher than in US regions. You can reduce the number of edge locations used in order to reduce cost.

To help you control the costs, CloudFront offers three different price classes:

  1. Price Class All: Includes all regions in class 200, plus South America and Australia. (all regions, best performance)
  2. Price Class 200: Includes all regions in class 100, plus South Africa, the Middle East, Japan, India, Singapore, South Korea, Taiwan, Hong Kong, and the Philippines. (most regions but excludes the most expensive regions)
  3. Price Class 100: Includes only standard-priced regions in the US, Canada, and Europe. (only least expensive regions)
