Amazon CloudFront
CloudFront is Amazon’s offer for Content Delivery Network. The CDN is composed of a globally distributed set of caching servers that provide low latency and high throughput all around the world.
The network is based on more than 300 PoP (Points of Presence) around the world.
These PoPs are for majority edge locations that serve traffic to the final users but, usually corresponding to AWS regions, there are also regional edge locations. This latter one can be considered a mid-tier cache.
Distributions
A CloudFront distribution is the main resource you can create to distribute content globally, for example when creating a WordPress site we can create a distribution for WordPress media. One of the main settings that a Distribution allows you to specify it’s the content origin, this origin is where CloudFront will try to fetch content before caching it.
Origins
CloudFront supports multiple origins and natively integrates with many AWS Services.
One of the most used integration is with Amazon S3. The combination of S3 + CloudFront it’s widely used to host static websites.
When using CloudFront with Amazon S3 it’s possible to secure the origin’s bucket with an Origin Access Identity (OAI), this feature will protect the bucket from traffic that it’s not originated within your CloudFront distribution.
Caching Behaviour
CloudFront allows you to customize how requests are handled with multiple cache behavior. Each cache behavior allows the user to define a pattern (eg: *.jpg
) and some rules that apply to this pattern.
Static websites provide a good example of how to use cache behaviors. All the media files (JPG, PNG, SVG) are generally cached for a long time meanwhile index.html
is generally cached for a shorter time.
So by having multiple cache behaviors we can have all these customized settings for each file type.
Functions
Lambda@Edge
These Lambda functions allow to run code near the end user, specifically, Lambda@Edge are executed in a regional edge location.
Lambda@Edge can be considered normal Lambda functions with some more limitations on execution times, runtimes, and other settings. Some actions that are commonly performed in Lambda@Edge:
connect to a database
execute network calls (eg: HTTP)
Lambda@Edge are invoked by CloudFront on specific events:
Viewer Request
Origin Request
Origin Response
Viewer Response
So for example by using the event “Origin Request” you can trigger a Lambda@Edge every time CloudFront contacts your origin (every cache miss).
CloudFront Functions
CloudFront functions are lightweight functions that are executed at the edge, so in one of the 300+ PoP. Instead, Lambda@Edge are executed in regional edge location (13 at the time of writing).
CloudFront functions have low latency but also come with some hard limitations on execution time and maximum memory:
Maximum execution time: 1ms
Maximum memory: 2MB
Also, CloudFront functions come without network or filesystem access. Common uses for CloudFront functions are:
URL rewrite and redirects
Cache-key manipulations and normalizations
HTTP header manipulation
Access Authorisation
CloudFront functions are invoked by CloudFront on specific events (less than Lambda@Edge):
Viewer Request
Viewer Response
Differences recap
CloudFront functions | Lambda@Edge | |
Runtimes | JS | JS/Python |
Max execution time | 1ms | 5s for Viewer request/response & 30s for origin request/response |
Max memory | 2MB | 2MB for Viewer request/response & 10GB for Origin request/response |
Network Access | No | Yes |
File System Access | No | Yes |
GeoRestriction
CloudFront allows the user to block certain geographical zones from accessing the content. To make an example of the use of this feature: streaming services block the viewing of some content in regions where copyright it’s held by other companies.
Pricing
When using CloudFront with AWS services you pay only for outbound traffic: from CloudFront to the final users. Traffic from AWS service to CloudFront it’s free.
Pricing on AWS services tends to change often so please refer to aws.amazon.com/cloudfront/pricing
Free Tier
CloudFront has recently updated its free tier, starting from Dec 1, 2021, the new free tier it’s not limited to 12 months after signup but extends indefinitely. New limits are:
Data Traffic: 1TB/month
Requests: 10M/month