Amazon CloudFront quick reference and cheat sheet

Amazon CloudFront

1. CloudFront gives developers an easy and cost-effective way to distribute content with low latency and high data transfer speeds.
2. CloudFront helps distribute frequently accessed static content like images, videos, media files or software downloads that benefit from edge delivery.
3. CloudFront is good for dynamic, static, streaming, and interactive content.
4. CloudFront is a global service.
5. CloudFront is used as Ingress to upload objects. (Ingress refers to the right to enter a property.)
6. CloudFront is used as Egress to distribute content. (Egress refers to the right to exit a property.)
7. Amazon CloudFront provides a simple API to distribute content with low latency and high data transfer rates by serving requests using a network of edge locations around the world.
8. In Amazon CloudFront there are no minimum commitments.
9. Use a zone apex name on CloudFront.
10. CloudFront supports wildcard CNAME, wildcard SSL certificates, Dedicated IP, Custom SSL and SNI Custom SSL.
11. CloudFront supports Perfect Forward Secrecy which creates a new private key for each SSL session.
12. With CloudFront, requests are routed to the nearest edge location.
13. CloudFront edge locations are not tied to Availability Zones or regions.
14. Regional Edge Caches are located between origin web servers and global edge locations.
15. Regional Edge Caches have a larger cache width than any individual edge location.
16. Regional Edge Caches have the capability to bring content closer to users.
17. With CloudFront, proxy methods like PUT/POST/PATCH/OPTIONS/DELETE (dynamic operations) go directly to the origin from the edge locations and do not proxy through Regional Edge Caches.
18. With CloudFront, dynamic content goes straight to the origin.
19. Edge locations are not just read only, you can write to them too.
20. An origin is the source of the files that the CDN will distribute.
21. Origins can be either an S3 bucket, an EC2 instance, an Elastic Load Balancer, or Route 53.
22. Origins can be external (non-AWS).
23. Make objects publicly available or use CloudFront signed URLs.
24. A custom origin server is an HTTP server, which can be an EC2 instance.
25. A custom origin server can also be an on-premises/non-AWS based web server.
26. The DNS name, ports and protocols need to be specified to CloudFront when you need to fetch objects from your origin on a non-AWS web server.
27. CloudFront features are not supported in RTMP distributions.
28. When using EC2 for custom origins, it is good to use an AMI that automatically installs the software for a web server.
29. When using EC2 for custom origins, use ELB to handle traffic across multiple EC2 instances.
30. When using EC2 for custom origins, specify the URL of your load balancer as the domain name of the origin server.
31. When using an S3 static website, you need to enter the S3 static website hosting endpoint for your bucket in the configuration.
32. CloudFront objects are cached for 24 hours by default.
33. The expiration time is controlled through the TTL.
34. CloudFront keeps persistent connections open with origin servers.
35. CloudFront supports two types of distribution: Web Distribution and RTMP Distribution.
36. Web Distribution supports static and dynamic content including .html, .css, .php, and graphics files.
37. CloudFront distributes files over HTTP and HTTPS.
38. With CloudFront, you can use live streaming to stream an event in real time.
39. An RTMP distribution distributes streaming media files using Adobe Flash Media Server’s RTMP protocol.
40. RTMP allows an end user to begin playing a media file before the file has finished downloading from a CloudFront edge location.
41. With RTMP, files must be stored in an S3 bucket.
42. CloudFront can be integrated with CloudTrail which saves logs to the S3 bucket.
43. To delete a CloudFront distribution it must first be disabled.
44. You can configure the cache properties of CloudFront functionality for a given URL path, such as the path pattern (e.g. /files/*.gif), the origin to forward requests to, query strings, signed URLs, HTTP methods, and the time to retain the files in the CloudFront cache.
45. Default cache behavior only allows a path pattern of /*.
46. With CloudFront you can restrict access to content using signed cookies or signed URLs.
47. With CloudFront you can restrict access to objects in your S3 bucket.
48. With CloudFront and Origin Access Identity (OAI) you can restrict access to content in an Amazon S3 bucket.
49. To use field-level encryption, when you configure your CloudFront distribution, specify the set of fields in POST requests that you want to be encrypted, and the public key to use to encrypt them.
50. Field-level encryption allows you to securely upload user-submitted sensitive information. The sensitive information is encrypted at the edge closer to the user and remains encrypted throughout application processing.
51. CloudFront matches the protocol with your custom origin.
52. With CloudFront, choose Match Viewer only if you specify Redirect HTTP to HTTPS or HTTPS Only for the viewer protocol policy.
53. With CloudFront, blacklists and whitelists can be used for geography – you can only use one at a time.
54. Use the CloudFront geo-restriction feature for restricting access to all files in a distribution and at the country level.
55. CloudFront distributes traffic across multiple edge locations.
56. CloudFront filters requests to ensure that only valid HTTP(S) requests will be forwarded to backend hosts.
57. CloudFront also supports geoblocking, which you can use to prevent requests from particular geographic locations from being served.
58. CloudFront creates a domain name such as
59. CloudFront charges for data transfer out to the internet, data transfer out to origin, number of HTTP/HTTPS requests, field-level encryption requests, etc.

Author: user
