CloudFront & AWS Global Accelerator Flashcards
What are some features of AWS CloudFront?
- Stands for content delivery network (CDN)
- Improves read performance, content is cached at the edge
- Improves user experience
- 216 points of presence globally (edge locations)
- DDoS protection (because worldwide), integration with Shield, AWS Web Application Firewall
What are some features of CloudFront origins?
- S3 bucket is an origin
- For distributing files and caching them at the edge
- Enhanced security with CloudFront origin access control
- Custom origins (HTTP)
- Application load balancer
- EC2 instance
What is the difference between CloudFront and S3 cross-region replication?
CloudFront:
- Global edge network
- Files are cached for a TTL (maybe a day)
- Great for static content that must be available everywhere (main benefit)
S3 cross-region replication:
- Must be set up for each region you want replication to happen
- Files are updated in near real time
- Read only
- Great for dynamic content that needs to be available at low-latency in a few regions (main benefit)
What are some features of CloudFront geo restrictions?
- You can restrict who can access your distribution
- Allowlist: allow your users to access your content only if they’re in one of the countries on a list of approved countries
- Blocklist: Prevent your users from accessing your content if they’re in one of the countries on a list of banned countries
- The “country” is determined using a 3rd party Geo-IP database
What are the different CloudFront price classes?
The price varies per edge location; the price classes are:
- Price class All: all regions, best performance (the world)
- Price class 200: most regions, but excludes the most expensive regions
- Price class 100: only the least expensive regions
What are some features of CloudFront cache invalidations?
- In case you update the back-end origin, CloudFront doesn’t know about it and will only get the refreshed content after the TTL has expired
- However, you can force an entire or partial cache refresh (thus bypassing the TTL) by performing a CloudFront invalidation
- You can invalidate all files or a special path (/images/)
What is Unicast IP and anycast IP?
- Unicast IP: one server holds one IP address
- Anycast IP: all servers hold the same IP address and the client is routed to the nearest one
What are some things to keep in mind about AWS Global Accelerator?
- Leverage the AWS internal network to route to your application
- 2 anycast IPs are created for your application
- The anycast IPs send traffic directly to edge locations
- The edge locations send the traffic to your application
What are some features of AWS Global Accelerator?
- Works with elastic IP, EC2 instances, ALB, NLB, public or private
- Consistent performance
- Intelligent routing to lowest latency and fast regional failover
- No issue with client cache (because the IP doesn’t change)
- Internal AWS network
- Health checks
- Global accelerator performs a health check of your application
- Helps make your application global (failover less than 1 minute for unhealthy)
- Great for disaster recovery (thanks to the health checks)
- Security
- Only 2 external IPs need to be whitelisted
- DDoS protection thanks to AWS shield
What is the difference between AWS Global Accelerator and CloudFront?
- They both use the AWS global network and its edge locations around the world
- Both services integrate with AWS Shield for DDoS protection
- CloudFront:
- Improves performance for both cacheable content (such as images and videos) and dynamic content (such as API acceleration and dynamic site delivery)
- Content is served at the edge
- Global Accelerator:
- Improves performance for a wide range of applications over TCP or UDP
- Proxying packets at the edge to applications running in one or more AWS regions
- Good for HTTP use cases that require static IP addresses
- Good for HTTP use cases that require deterministic, fast regional failover