Wednesday, July 15, 2020

CloudFront - Content Delivery Network


CloudFront - CDN – Content Delivery Network
-         Amazon CloudFront is a web service that speeds up distribution of your static and dynamic web content, such as .html, .css, .js, and image files, to your users. CloudFront delivers your content through a worldwide network of data centers called edge locations. When a user requests content that you're serving with CloudFront, the user is routed to the edge location that provides the lowest latency (time delay), so that content is delivered with the best possible performance.
-         GLOBAL service (not regional), ingress and egress
-         DNS routes the request to the nearest (latency-wise) edge location, where content gets cached. AWS fetches the content from the origin over its internal backbone, which is fast. As soon as the first part of the content arrives at the edge location, CloudFront starts feeding it to the client
-         Edge locations – not mapped directly to AZ's. TTL – how long a copy of an object remains @ the edge location. Default – 24 hrs. Can set to 0 – the object is revalidated with the origin on every request (see TTL of 0 below)
-         Static content gets cached. Ex: web query pages ("?" and after)
-         Origin servers: AWS – S3 bucket
-         Custom: EC2, EC2 + ELB, anything hosted off AWS premises, or an S3 website
-         Connection to origin servers is kept alive – no need for a new TCP/HTTP/SSL handshake on new requests. This saves time on content delivery.
-         CDN – CloudFront Distribution – defines where content is delivered from and for how long it is cached
-         Access via: console, SDK, API, command line, AWS Tools for Windows PowerShell
-         Benefits:
          §  Security (sourcing from CF vs sourcing directly from the origin)
          §  Cheaper if volumes are high – you are charged for CF->User only, Origin->CF is free
          §  Caching – better performance
 
Regional Edge Cache
-         Large cache where objects get copied from the Edge Location. Objects stay there longer, even after they have been evicted from the Edge Location.
-         Used when objects are at a custom origin; i.e. requests to S3 skip the regional edge cache. HOWEVER – a static web-site hosted on S3 is considered a custom origin, not an S3 origin.
-         HTTP PUT/POST/PATCH/OPTIONS/DELETE go directly between the edge location and the origin, skipping the Regional Edge Cache
-         Regional Edge Cache does not store dynamic content
-         IMPORTANT, to sum up, these requests go directly to the origin (SKIP Regional Edge Cache):
          §  Requests to AWS S3 origins (excluding static S3 websites)
          §  HTTP PUT/POST/PATCH/OPTIONS/DELETE
          §  Requests for dynamic content

TTL of 0
-         If you set the TTL for a particular origin to 0, CloudFront will still cache the content from that origin. It will then make a GET request with an If-Modified-Since header, thereby giving the origin a chance to signal that CloudFront can continue to use the cached content if it hasn't changed at the origin. [emphasis mine]
-         In other words, using a TTL of 0 primarily means, that CloudFront delegates the authority for cache control to the origin, i.e. the origin server decides whether or not, and if for how long CloudFront caches the objects; please note specifically, that a GET request with an If-Modified-Since header doesn't necessarily mean that the object itself is retrieved from the origin, rather the origin can (and should) return the HTTP status code 304 - Not Modified (https://stackoverflow.com/questions/10621099/what-is-a-ttl-0-in-cloudfront-useful-for)
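The revalidation described above, modelled as an added example (not code from the original post or from AWS): a constructed origin that honours If-Modified-Since, and a one-object edge cache whose TTL is configurable. With TTL 0 every request becomes a conditional GET, and the origin's 304 lets the edge keep serving its cached body without re-transferring it; the `Edge` class, `origin_get` and `origin_update` names are this example's own.

```python
import email.utils
from datetime import datetime, timezone

# Constructed origin: a single object with a known Last-Modified timestamp.
ORIGIN_OBJECT = {
    "body": b"<html>v1</html>",
    "last_modified": datetime(2020, 7, 15, 12, 0, tzinfo=timezone.utc),
}
ORIGIN_LOG = []  # status codes the origin returned, in order


def origin_update(body, last_modified):
    """Change the object at the origin (demo helper, not a CloudFront API)."""
    ORIGIN_OBJECT["body"] = body
    ORIGIN_OBJECT["last_modified"] = last_modified


def origin_get(headers):
    """Origin side: answer 304 when the object is unchanged since If-Modified-Since."""
    ims = headers.get("If-Modified-Since")
    if ims and ORIGIN_OBJECT["last_modified"] <= email.utils.parsedate_to_datetime(ims):
        ORIGIN_LOG.append(304)
        return 304, {}, b""  # no body on the wire; the edge keeps its copy
    ORIGIN_LOG.append(200)
    lm = email.utils.format_datetime(ORIGIN_OBJECT["last_modified"], usegmt=True)
    return 200, {"Last-Modified": lm}, ORIGIN_OBJECT["body"]


class Edge:
    """Edge side: one-object cache; ttl is in seconds, 0 = revalidate every time."""

    def __init__(self, ttl):
        self.ttl = ttl
        self.entry = None  # (body, Last-Modified header value, time stored)

    def fetch(self, now):
        """Serve the object at time `now`; returns (body, how it was obtained)."""
        if self.entry and now - self.entry[2] < self.ttl:
            return self.entry[0], "edge-hit"  # still fresh, origin not contacted
        req = {"If-Modified-Since": self.entry[1]} if self.entry else {}
        status, hdrs, body = origin_get(req)
        if status == 304:  # origin confirmed our copy; refresh its timestamp only
            self.entry = (self.entry[0], self.entry[1], now)
            return self.entry[0], "revalidated-304"
        self.entry = (body, hdrs["Last-Modified"], now)
        return body, "origin-200"
```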

Compliance:
-         PCI DSS compliant (AWS recommends not caching credit card info at the edge)
-         HIPAA eligible

Configuration – how you want your content served
-         Origins are S3 or HTTP servers, up to 25
-         Takes time to propagate configuration changes to edge locations – the old configuration stays in effect meanwhile
-         Propagation status: InProgress -> Deployed
 
Distributions:
-         Web distribution - over HTTP or HTTPS:
          §  Up to 200
          §  Static and dynamic download over HTTP / HTTPS: html, css, js, images
          §  Multimedia over HLS – Apple HTTP Live Streaming, etc. Video gets cached in chunks – the chunks become available for other users to load.
-         RTMP Distribution – Adobe Real Time Messaging Protocol (no HTTP/S)
          §  End Of Life as of December 31, 2020
          §  Up to 100
          §  Adobe Flash multimedia
          §  MUST use S3 as origin – custom origin is not supported
          §  Adobe Media Player install gets served to the user, then the video. To achieve this:
              §  Need a web distribution to deliver the player – from S3 or a custom origin
              §  RTMP distribution to deliver the video – from S3 only
 
-         Can specify (options):
          §  Access to CloudFront URLs – everyone/restricted. It's on you to make sure CloudFront has access to the origin (ex: S3)
          §  Can force HTTPS
          §  Cookies – forward to origin or not
          §  Availability of content in select countries – black/white list
          §  Custom origin @ EC2, best practice:
              §  use an AWS AMI that automatically pre-installs a web server on your EC2
              §  use a load balancer and specify its DNS name as the source for CloudFront – to protect the distribution from machine failures
          §  When hosting an S3 website (custom origin):
              §  Can have DNS use an alias to point a readable URL to CloudFront website address (12345.cloudfront…aws.com)
          §  If an alternate domain name is associated with one distribution – it can't be associated with another
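The options above (restricted vs. open URLs, forced HTTPS, cookie forwarding, country black/white list) as an added example, not code from the original post: an audit over a DistributionConfig dict in the shape boto3's `create_distribution` accepts, plus a function that returns a hardened copy for a private-content distribution. The config values are constructed, the alias is a placeholder, and `audit_distribution` / `harden_distribution` are this example's own names.

```python
import copy

# Constructed DistributionConfig fragment in the shape boto3's
# cloudfront.create_distribution(DistributionConfig=...) accepts; only the
# fields the audit inspects are filled in, and the alias is a placeholder.
WEAK_CONFIG = {
    "Aliases": {"Quantity": 1, "Items": ["www.example.com"]},
    "DefaultCacheBehavior": {
        "TargetOriginId": "s3-origin",
        "ViewerProtocolPolicy": "allow-all",                   # plain HTTP accepted
        "TrustedSigners": {"Enabled": False, "Quantity": 0},   # URLs open to everyone
        "ForwardedValues": {"QueryString": False,
                            "Cookies": {"Forward": "all"}},    # every cookie to origin
        "MinTTL": 0,
    },
    "Restrictions": {"GeoRestriction": {"RestrictionType": "none", "Quantity": 0}},
}


def audit_distribution(cfg):
    """Return findings for a private-content distribution; empty list = all checks pass."""
    findings = []
    beh = cfg["DefaultCacheBehavior"]
    if beh.get("ViewerProtocolPolicy") not in ("redirect-to-https", "https-only"):
        findings.append("HTTPS not forced (ViewerProtocolPolicy=%s)" % beh.get("ViewerProtocolPolicy"))
    if not beh.get("TrustedSigners", {}).get("Enabled"):
        findings.append("CloudFront URLs open to everyone (no trusted signers)")
    if beh.get("ForwardedValues", {}).get("Cookies", {}).get("Forward") == "all":
        findings.append("all cookies forwarded to origin (cache keyed per viewer)")
    geo = cfg.get("Restrictions", {}).get("GeoRestriction", {})
    if geo.get("RestrictionType", "none") == "none":
        findings.append("no country black/white list configured")
    return findings


def harden_distribution(cfg, blocked_countries):
    """Return a hardened copy: force HTTPS, require signed URLs, drop cookies, blacklist countries."""
    out = copy.deepcopy(cfg)
    beh = out["DefaultCacheBehavior"]
    beh["ViewerProtocolPolicy"] = "redirect-to-https"
    # "self" = the account that owns the distribution signs the URLs
    beh["TrustedSigners"] = {"Enabled": True, "Quantity": 1, "Items": ["self"]}
    beh["ForwardedValues"]["Cookies"] = {"Forward": "none"}
    out["Restrictions"]["GeoRestriction"] = {
        "RestrictionType": "blacklist",
        "Quantity": len(blocked_countries),
        "Items": list(blocked_countries),
    }
    return out
```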

1.      Identify what your origins will be: S3 or custom
2.      Upload your content to the origin
3.      Create your CloudFront distribution (HTTP/S – Web distribution; Adobe – RTMP); set up your parameters such as logging etc.
4.      CloudFront creates a domain name – xxx.cloudfront.net
5.      CloudFront distributes your Distribution configuration to Edge Locations.
         None of your content is distributed to Edge Locations until a client request is received. Once such a request is received, the content is delivered to the Edge Location and right away to the client; the content is cached (default TTL – 24 hrs until expiry) at that Edge Location
