What is Amazon CloudFront?
A global content delivery network (CDN) that caches and distributes content (static, dynamic, video, APIs) with low latency from AWS Edge Locations.
What is an Edge Location?
A site where CloudFront caches content closer to users; requests are routed to the nearest edge for faster delivery.
What is a Regional Edge Cache?
Larger caches that sit between edge locations and the origin to further reduce origin fetches.
What types of origins can CloudFront use?
AWS origins (S3, ALB, EC2) and custom origins (non-AWS web servers).
How does CloudFront handle multiple behaviors?
Behaviors let you route different URL paths to different origins or apply unique caching/security settings per path.
What is Origin Failover?
Uses an origin group with a primary and secondary origin—CloudFront automatically fails over on errors (e.g., 500, 502, 503).
How does CloudFront cache content?
Based on cache keys — usually the URL, query strings, headers, and cookies (configurable).
What’s the difference between TTL, MinTTL, and MaxTTL?
MinTTL – shortest time CloudFront will keep cached objects.
MaxTTL – longest time CloudFront will keep cached objects.
DefaultTTL – used if no cache-control headers are present.
What is a Signed URL vs. a Signed Cookie?
Signed URL: Grants temporary access to one object.
Signed Cookie: Grants access to multiple restricted objects.
What is an Origin Access Control (OAC)?
A newer, more secure way to restrict S3 bucket access to only CloudFront (replaces OAI).
Can CloudFront use HTTPS?
Yes — supports HTTPS between viewers and CloudFront, and between CloudFront and the origin.
What is Field-Level Encryption?
Encrypts specific sensitive data (like credit card numbers) in HTTP POST requests at the edge.
How do you enable access logs for CloudFront?
Enable standard or real-time logs, stored in an S3 bucket you specify.
What metrics are available in CloudWatch for CloudFront?
Requests, BytesDownloaded/Uploaded, 4xx/5xx errors, CacheHitRate, etc.
What tool helps analyze CloudFront logs easily?
Amazon Athena can query logs in S3 using SQL.
How does CloudFront integrate with Route 53?
Route 53 can use CloudFront distributions as alias targets in DNS (using ALIAS records).
How does CloudFront improve S3 performance?
By caching S3 content at edge locations, reducing latency and S3 GET requests.
How does CloudFront integrate with Lambda@Edge?
Lets you run code closer to users (e.g., header manipulation, redirects, authentication).
What’s the purpose of Origin Groups?
Provide high availability by designating primary and secondary origins for automatic failover.
What’s the difference between Viewer Protocol Policy options?
HTTP and HTTPS
Redirect HTTP to HTTPS
HTTPS only
What is the function of Custom Error Pages?
Serve user-friendly pages or custom objects when the origin returns specific HTTP errors.
Can CloudFront distribute dynamic content?
Yes — CloudFront can accelerate both static and dynamic content via TCP and SSL optimizations.