Amazon CloudFront

CloudFront

  • content is cached at edge
  • 216 points of presence globally
  • DDoS protection (Shield, WAF)

Origins

  • S3 bucket
    • enhanced security with CloudFront Origin Access Control (OAC) or Origin Access Identity (OAI)
    • CloudFront can be used as an ingress (to upload files to S3)
  • Custom Origin (HTTP)
    • ALB
    • EC2
    • S3 Website
    • any HTTP backend

Other Features

  • Geo Restriction
    • allow-list
    • block list
    • the “country” is determined using a 3rd-party Geo-IP database
  • Price classes
    • Cost of data per edge location varies
    • reduce the number of edge locations for cost-reduction
    • classes (all, 200, 100)
  • Cache Invalidation

Global Accelerator

  • Unicast IP: one server holds one IP address
  • Anycast IP: all servers hold the same IP address and the client is routed to the nearest one

AWS Global Accelerator

  • Leverage the AWS internal network to route to your application
  • 2 Anycast IPs are created for your application
  • works with Elastic IP, EC2, ALB, NLB, public or private
  • Consistent Performance
    • intelligent routing to lowest latency and fast regional failover
    • no issue with client cache
    • internal AWS network
  • Health Checks
  • Security

Comparison

  • They both use the AWS global network and its edge locations around the world
  • Both services integrate with AWS Shield for DDoS protection.
  • CloudFront
    • Improves performance for both cacheable content (such as images and videos) and dynamic content
    • Content is served at the edge
  • Global Accelerator
    • Improves performance for a wide range of applications over TCP or UDP
    • Proxying packets at the edge to applications running in one or more AWS Regions
    • Good fit for non-HTTP use cases, such as UDP, IoT(MQTT), VoIP
    • Good for HTTP use cases that require static IP
    • Good for HTTP use cases that require deterministic, fast regional failover