Amazon CloudFront is a web service that enables you to deliver web content through a Content Deliver Network of edge locations. When you request a web page that is for example located in New York, and you are based in Brisbane, the request is first routed to your nearest edge location that provides the lowest latency. If the content is available, then CloudFront delivers it. If the content is not available in that edge location, then CloudFront retrieves the content from the location you have identified as the origin of the content.  It then caches the content at the edge location for a period of time as defined by the Time to Live (TTL).

Amazon CloudFront is designed to deliver complete websites which include dynamic and static content. In addition, Amazon CloudFront will work with all other Amazon Web Services like Amazon Simple Storage (Amazon S3), Amazon Elastic Compute Cloud (Amazon EC2), Amazon Elastic Load Balancing, and Amazon Route 53.  Also note that Amazon CloudFront can actually deliver content from source locations anywhere in the world, other than those located on Amazon AWS. These are known as Custom Origins.

Key Definitions & Settings

  • Edge Location – This is separate from an AWS Region or Availability Zone. Edge Locations will store cache information of websites and data. Edge locations are both read and write so you can write back to the Edge location which will update the origin files
  • Origin – This is where the original files are physically located that will then be distributed to Edge Locations for caching via the Content Delivery Network (CDN). These can be either S3 Buckets, EC2 Instance data like HTML files on a web server or Elastic Load Balancer.  If you store your objects in an S3 bucket, you can actually make the objects publicly available and users can access the objects using the actual CloudFront URLs. You can also keep the objects private and control access to them
  • Distribution – This is a network that contains the collection of Edge Locations.  Key distribution mechanisms are:
    • Web Distribution – These are used to distribute content over HTTP and HTTPS and consist of:
      • Static and Dynamic content such as HTML, CSS, PHP etc
      • Multimedia content on demand using progressive download and Apple HTTP Live Streaming
      • Live events such as meetings, conferences and concerts in real time
    • RTMP Distributions
      • Because you cannot stream Adobe Flash multimedia content over HTTP or HTTPS, you have to use RTMP distribution. RTMP can stream media files using Adobe Media Server using the Adobe Real-Time Messaging Protocol (RTMP). In addition, the source content must be an Amazon S3 bucket.
  • Time to Live (TTL) – Objects are cached for the life of the TTL
  • Invalidation – You can clear cache objects before the TTL but you will be charged for this. You may choose to do so if your TTL is set for a long duration and you need to distribute an immediate update of your content.
  • Serve Whole Websites – You can serve both static and dynamic content using a single CloudFront distribution by using multiple origins and cache behaviours. This enables you to serve whole websites and support different behaviours for different types of content
  • Restrict Viewer Access – You can secure access to authorized users by restricting access to certain users only. For example, paid subscribers. This can be achieved by configuring:
    • Signed URLs
    • Signed cookies
    • Origin Access Identities (OAI) – Access is restricted to a special CloudFront user associated with your distribution. This ensures that content is only accessed via the CloudFront distribution point and not by directly trying to connect to the S3 Bucket URL for example.
  • Price Classes – You can specify different price classes
  • AWS WAF and ACL – This is a web application firewall to help secure your content
  • Alternative Domain Names – You can use alternative domain names using CNAMEs instead of the standard URLs that is generated by CloudFront
  • Custom SSL Certificate – You can use your SSL certificates if you are using your own domain name for the CloudFront URLs.  Your would need to supply this certificate
  • Logging – Can be turned on or off and you can select which bucket to store the logs in


How it works

  • Configure your origin servers
  • Upload your objects to your origin distribution points (S3 bucket or web-server)
  • Create CloudFront Distribution, where you specify the origin servers from where to get your files. Here you can specify if you want CloudFront to log user requests
  • CloudFront will then provide your distribution configuration to edge locations
  • Use the domain name that CloudFront provides for your URLs for your distribution while building your websites or configure your CloudFront distribution to use your own domain name
  • Specify Time to Live parameters of your content. By default objects stay in edge locations for 24 hours before expiry. You can actually specify settings for Minimum TTL, Maximum TTL and Default TTL. Note that you actually control cache duration of individual objects too.  Cache-Control Max-age specifies how long you want the object to remain in cache before CloudFront will fetch the object again from the origin server. The minimum expiration time CloudFront supports is 0 seconds for web distribution and 3600 seconds for RTMP distributions. The maximum value is 100 years.


180 Practice Exam Questions – Get Prepared for your Exam Day!

Our Exam Simulator with 180 practice exam questions comes with comprehensive explanations that will help you prepare for one of the most sought-after IT Certifications of the year.  Register Today and start preparing for your AWS Certification.

Close Popup

We use cookies to give you the best online experience. By agreeing you accept the use of cookies in accordance with our cookie policy.

Close Popup
Privacy Settings saved!
Privacy Settings

When you visit any web site, it may store or retrieve information on your browser, mostly in the form of cookies. Control your personal Cookie Services here.

These cookies are necessary for the website to function and cannot be switched off in our systems.

Technical Cookies
In order to use this website we use the following technically required cookies
  • wordpress_test_cookie
  • wordpress_logged_in_
  • wordpress_sec

We use WooCommerce as a shopping system. For cart and order processing 2 cookies will be stored. This cookies are strictly necessary and can not be turned off.
  • woocommerce_cart_hash
  • woocommerce_items_in_cart

Decline all Services
Accept all Services
Open Privacy settings