CloudFront
- content is cached at edge locations
- 216 points of presence globally
- DDoS protection (Shield, WAF)
Origins
- S3 bucket
  - enhanced security with CloudFront Origin Access Control (OAC; OAC replaces the legacy Origin Access Identity, OAI)
  - CloudFront can also be used as an ingress (to upload files to S3)
- Custom Origin (HTTP)
  - ALB
  - EC2
  - S3 Website (the static website hosting endpoint, treated as an HTTP origin)
  - any HTTP backend
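The "enhanced security" in the S3 origin bullet comes from the bucket policy that OAC requires: the bucket stays private and only the CloudFront service principal, restricted to one named distribution, may read objects. The example below is added here and is not code from the page or from AWS; it builds that policy and runs a small check that flags the two weak shapes (a public `Principal: "*"` grant, and a CloudFront grant without the `AWS:SourceArn` condition). The account id, distribution id and bucket name are placeholders, and the checker only recognises the `StringEquals` form of the condition.

```python
"""Added example: S3 bucket policy for CloudFront Origin Access Control (OAC).

Builds the least-privilege policy and checks a policy document for the
common weak shapes.  All identifiers are placeholders, not real resources.
"""
import json

# Placeholder values (constructed for this example).
ACCOUNT_ID = "123456789012"
DISTRIBUTION_ID = "EDFDVBD6EXAMPLE"
BUCKET = "example-bucket"

CLOUDFRONT_PRINCIPAL = "cloudfront.amazonaws.com"


def oac_bucket_policy(bucket: str, account_id: str, distribution_id: str) -> dict:
    """Return the bucket policy that lets exactly one distribution read objects.

    The Condition on AWS:SourceArn is what ties the grant to *your*
    distribution; without it, any CloudFront distribution in any account
    could be pointed at the bucket (a confused-deputy problem).
    """
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "AllowCloudFrontServicePrincipalReadOnly",
                "Effect": "Allow",
                "Principal": {"Service": CLOUDFRONT_PRINCIPAL},
                "Action": "s3:GetObject",
                "Resource": f"arn:aws:s3:::{bucket}/*",
                "Condition": {
                    "StringEquals": {
                        "AWS:SourceArn": (
                            f"arn:aws:cloudfront::{account_id}:distribution/{distribution_id}"
                        )
                    }
                },
            }
        ],
    }


def policy_findings(policy: dict) -> list:
    """Return a list of human-readable findings for weak Allow statements.

    Two shapes are reported:
      * Principal "*" (or {"AWS": "*"}): the bucket is readable by anyone,
        so CloudFront and its WAF/Shield protection can be bypassed entirely.
      * CloudFront service principal without an AWS:SourceArn condition:
        the grant is not bound to a specific distribution.
    """
    findings = []
    for statement in policy.get("Statement", []):
        if statement.get("Effect") != "Allow":
            continue
        sid = statement.get("Sid", "<no Sid>")
        principal = statement.get("Principal")
        condition = statement.get("Condition", {})

        if principal == "*" or principal == {"AWS": "*"}:
            findings.append(
                f"{sid}: public access (Principal '*') - objects reachable without CloudFront"
            )
        elif isinstance(principal, dict) and principal.get("Service") == CLOUDFRONT_PRINCIPAL:
            source_arn = condition.get("StringEquals", {}).get("AWS:SourceArn")
            if not source_arn:
                findings.append(
                    f"{sid}: {CLOUDFRONT_PRINCIPAL} allowed without AWS:SourceArn condition"
                    " - not restricted to one distribution"
                )
    return findings


# Constructed sample of the "before" state: a public static-website bucket.
PUBLIC_WEBSITE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "PublicRead",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": f"arn:aws:s3:::{BUCKET}/*",
        }
    ],
}


if __name__ == "__main__":
    hardened = oac_bucket_policy(BUCKET, ACCOUNT_ID, DISTRIBUTION_ID)
    print(json.dumps(hardened, indent=2))
    print("hardened policy findings:", policy_findings(hardened))
    print("public policy findings:", policy_findings(PUBLIC_WEBSITE_POLICY))
```

The hardened policy produces no findings; the public policy produces one. Pair it with S3 Block Public Access on the bucket so that a later edit cannot silently reintroduce the `Principal: "*"` grant.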
Other Features
- Geo Restriction
  - allow list
  - block list
  - the "country" is determined using a 3rd-party Geo-IP database
- Price classes
  - the cost of data transfer out varies per edge location
  - reduce the number of edge locations used to reduce cost
  - classes: Price Class All, Price Class 200, Price Class 100
- Cache Invalidation
Global Accelerator
- Unicast IP: one server holds one IP address
- Anycast IP: all servers hold the same IP address and the client is routed to the nearest one
AWS Global Accelerator
- leverages the AWS internal network to route to your application
- 2 Anycast IPs are created for your application
  - works with Elastic IP, EC2, ALB, NLB, public or private
- Consistent performance
  - intelligent routing to the lowest latency and fast regional failover
  - no issue with client cache (the two IPs do not change)
  - traffic enters the internal AWS network at the nearest edge location
- Health Checks
- Security
Comparison
- both use the AWS global network and its edge locations around the world
- both integrate with AWS Shield for DDoS protection
- CloudFront
  - improves performance for both cacheable content (such as images and videos) and dynamic content
  - content is served at the edge
- Global Accelerator
  - improves performance for a wide range of applications over TCP or UDP
  - proxies packets at the edge to applications running in one or more AWS Regions
  - good fit for non-HTTP use cases, such as UDP, IoT (MQTT), VoIP
  - good for HTTP use cases that require a static IP
  - good for HTTP use cases that require deterministic, fast regional failover