Introduction to Amazon CloudFront

Amazon CloudFront

CloudFront is Amazon’s Content Delivery Network (CDN) offering. The CDN is composed of a globally distributed set of caching servers that provide low latency and high throughput all around the world.

The network is based on more than 300 PoPs (Points of Presence) around the world.
Most of these PoPs are edge locations that serve traffic to the end users, but there are also regional edge locations, which usually correspond to AWS regions. The latter can be considered a mid-tier cache.

[Figure: AWS CloudFront point of presence map. Image from AWS Docs]


A CloudFront distribution is the main resource you create to distribute content globally. For example, when creating a WordPress site we can create a distribution for WordPress media. One of the main settings that a distribution allows you to specify is the content origin: the origin is where CloudFront will try to fetch content before caching it.


CloudFront supports multiple origins and natively integrates with many AWS services.
One of the most used integrations is with Amazon S3. The combination of S3 + CloudFront is widely used to host static websites.
When using CloudFront with Amazon S3, it’s possible to secure the origin bucket with an Origin Access Identity (OAI). This feature protects the bucket from traffic that does not originate from your CloudFront distribution.

Caching Behaviour

CloudFront allows you to customize how requests are handled with multiple cache behaviors. Each cache behavior allows the user to define a pattern (e.g. *.jpg) and some rules that apply to this pattern.

Static websites provide a good example of how to use cache behaviors. All the media files (JPG, PNG, SVG) are generally cached for a long time, while index.html is generally cached for a shorter time.
By having multiple cache behaviors, we can apply customized settings to each file type.



Lambda@Edge functions let you run code near the end user; specifically, they are executed in a regional edge location.

Lambda@Edge functions can be considered normal Lambda functions with some more limitations on execution times, runtimes, and other settings. Some actions that are commonly performed in Lambda@Edge:

  • connect to a database

  • execute network calls (e.g. HTTP)

Lambda@Edge functions are invoked by CloudFront on specific events:

  1. Viewer Request

  2. Origin Request

  3. Origin Response

  4. Viewer Response

For example, by using the “Origin Request” event you can trigger a Lambda@Edge function every time CloudFront contacts your origin (on every cache miss).

CloudFront Functions

CloudFront functions are lightweight functions that are executed at the edge, that is, in one of the 300+ PoPs. Lambda@Edge functions, by contrast, are executed in regional edge locations (13 at the time of writing).

CloudFront functions have low latency but also come with some hard limitations on execution time and maximum memory:

  • Maximum execution time: 1ms

  • Maximum memory: 2MB

Also, CloudFront functions come without network or filesystem access. Common uses for CloudFront functions are:

  • URL rewrite and redirects

  • Cache-key manipulations and normalizations

  • HTTP header manipulation

  • Access Authorisation

CloudFront functions are invoked by CloudFront on specific events (fewer than Lambda@Edge):

  1. Viewer Request

  2. Viewer Response
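
The following added example (not code from the original article or from AWS) shows three of the uses listed above with the CloudFront Functions event object: cache-key normalization and URL rewrite/redirect on Viewer Request, and HTTP header manipulation on Viewer Response. The names `ALLOWED_PARAMS`, `onViewerRequest` and `onViewerResponse` and the index.html convention are assumptions; when deployed, each function lives in its own file with its entry point named `handler`.

```javascript
// Query parameters allowed into the cache key (assumed for this example).
var ALLOWED_PARAMS = ['lang', 'page'];

// Viewer Request: deployed on its own, this function would be named `handler`.
function onViewerRequest(event) {
    var request = event.request;

    // Cache-key normalization: keep only known parameters, in a fixed order,
    // so arbitrary query strings cannot create unlimited cache entries.
    var normalized = {};
    ALLOWED_PARAMS.forEach(function (name) {
        if (request.querystring[name]) {
            normalized[name] = { value: request.querystring[name].value };
        }
    });
    request.querystring = normalized;

    // Collapse repeated slashes so a path such as "//docs" is never
    // reflected into a protocol-relative Location header below.
    var uri = request.uri.replace(/\/{2,}/g, '/');

    if (uri.charAt(uri.length - 1) === '/') {
        request.uri = uri + 'index.html';   // URL rewrite for directory paths
        return request;
    }
    var lastSegment = uri.substring(uri.lastIndexOf('/') + 1);
    if (lastSegment.indexOf('.') === -1) {
        // Redirect "/docs" to "/docs/"; returning a response skips the origin.
        return {
            statusCode: 301,
            statusDescription: 'Moved Permanently',
            headers: { location: { value: uri + '/' } }
        };
    }
    request.uri = uri;
    return request;
}

// Viewer Response: a second function (also named `handler` when deployed).
function onViewerResponse(event) {
    var response = event.response;
    response.headers['strict-transport-security'] = { value: 'max-age=63072000; includeSubDomains' };
    response.headers['x-content-type-options'] = { value: 'nosniff' };
    response.headers['x-frame-options'] = { value: 'DENY' };
    return response;
}
```

Both functions stay within the limits described above: no network or filesystem access, only string and object operations on the event.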

Differences recap

| | CloudFront functions | Lambda@Edge |
| --- | --- | --- |
| Max execution time | 1ms | 5s for Viewer request/response & 30s for origin request/response |
| Max memory | 2MB | 2MB for Viewer request/response & 10GB for Origin request/response |
| Network Access | No | Yes |
| File System Access | No | Yes |


CloudFront allows the user to block certain geographical zones from accessing the content. As an example of this feature in use, streaming services block the viewing of some content in regions where the copyright is held by other companies.


When using CloudFront with AWS services you pay only for outbound traffic, that is, traffic from CloudFront to the end users. Traffic from AWS services to CloudFront is free.

Pricing on AWS services tends to change often so please refer to

Free Tier

CloudFront has recently updated its free tier: starting from Dec 1, 2021, the new free tier is not limited to 12 months after signup but extends indefinitely. The new limits are:

  • Data Traffic: 1TB/month

  • Requests: 10M/month