CloudFront and Global Accelerator Flashcards
What is AWS CloudFront?
It is a Content Delivery Network (CDN) that improves read performance by caching the data at an edge location.
What are the characteristics of CloudFront?
- 216 Points of presence globally (edge locations)
- DDos protection
- integration with Shield
- can be used as an AWS Web Application Firewall
- can expose to external HTTPS and talk to internal HTTPS backends
- can be used as an ingress (to upload files to S3)
What is a CloudFront Origin?
The data source of an object to be retreived such as …
- S3 Bucket which uses Origin Access Identity (OAI)
- or Custom: which includes ALB, EC2, S3 Website, or any HTTP backend you want
What is CloudFront Geo Restriction?
A means to restrict who can access your content via whitelist or blacklist countries.
What are the differences between S3 Cross Region Replication and CloudFront?
CloudFront uses
- Global Edge Network
- Cached files are for a TTL
S3 CRR uses
- Region specific setups for replication to happen
- Near real-time updates
- Read only replication
How can we limit content access to a user(s) through CloudFront?
By using Signed URL (individual file access) or signed Cookies (access to multiple files) with an attached policy to include…
- URL expiration
- IP range limit to access data from
- Trusted Signers which are the AWS accounts that can create signed URLs
What is the difference between a CloudFront Signed URL and an S3 Pre-Signed URL?
CloudFront Signed URL
- allows access to a path no matter the origin
- uses Account wide key-pair that can only be managed by the root user
- can filter by IP, path, date, or expiration
- can leverage caching features
S3 Pre-signed URL
- can issue a request as the person who pre-signed the URL
- uses the IAM key of the signing IAM principal
- has a limited lifetime
What is the difference between Unicast IP and Anycast IP?
Unicast IP is where one server hold only one IP address.
Anycast IP is where all servers hold the same IP address and the client is routed to the nearest one.
What is Global Accelerator?
It is a means to speed up access to your application by using Anycast IPs to send to Edge Locations which then send traffic to your application.
What are the characteristics of the Global Accelerator?
- Works with Elastic IP, EC2, ALB and NLB (public and private)
- maintains consistent performance through intelligent routing, caching, and using AWS internal Network
- provides security by whitelisting only 2 external IPs and using DDoS protection via AWS Shield
What is the difference between CloudFront and Global Accelerator?
CloudFront
- improves performance for cacheable content (such as images and videos)
- provides dynamic content (such as API acceleration and site delivery)
- content is served at the edge
Global Accelerator
- improves performance for applications over TCP or UDP
- provides proxying packet at the edge to applications in one or more regions
- Good fit for non-HTTP needs such as gaming(UDP), IoT(MQTT), or Voice over IP
- Good fit for HTTP cases that require a static IP address
- Good fit for HTTP cases that require deterministic fast regional failover
