CloudFront & Global Accelerator

ayleeee 2024. 3. 29. 20:32

Amazon CloudFront

  • Content Delivery Network
  • Amazon CloudFront is a web service that speeds up distribution of static and dynamic web content, such as HTML, CSS, JS, and image files.
  • Delivers content through a worldwide network of data centers called edge locations (the data centers nearest to your users, used to deliver content to them fast).
    • the request is routed to the edge location that provides the lowest latency
    • the content is delivered with the best possible performance.
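    • 216 Points of Presence globally (edge locations: a worldwide network of data centers)
  • DDoS protection, integration with Shield, AWS Web Application Firewall
  • If the content is already in the edge location with the lowest latency -> it is delivered immediately
  • If the content is not in that edge location, CloudFront retrieves it from the origin you identified as the source of the definitive version of the content, such as an S3 bucket, a MediaPackage channel, or an HTTP server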
  • You also get increased reliability and availability because copies of your files (also known as objects) are now held (or cached) in multiple edge locations around the world.

CloudFront - Origins

  • Origin servers, like an Amazon S3 bucket or your own HTTP server
  • An origin server stores the original, definitive version of your objects
  • S3 bucket
    • For distributing files and caching them at the edge
    • Enhanced security with CloudFront Origin Access Control
    • OAC is replacing Origin Access Identity
    • CloudFront can be used as an ingress
  • Custom Origin(HTTP)
    • Application Load Balancer
    • EC2 instance
    • S3 Website
    • Any HTTP backend 

CloudFront vs S3 Cross Region Replication

  • CloudFront
    • Global Edge network
    • Files are cached for a TTL
    • Great for static content that must be available everywhere
  • S3 Cross Region Replication (CRR): used to copy objects across Amazon S3 buckets in different AWS Regions
    • Must be set up for each region you want replication to happen
    • Files are updated in near real-time
    • Read Only
    • Great for dynamic content that needs to be available at low-latency in few regions

CloudFront - Geo Restriction

  • Restrict who can access your distribution
    • Allowlist : Allow users to access your content only if they're in one of the countries on a list of approved countries
    • Blocklist : Prevent users from accessing content if they're in one of the countries on a list of banned countries
  • The "country" is determined using a third-party Geo-IP database
  • Use case : Copyright Laws to control access to content

CloudFront - Pricing

  • CloudFront Edge locations are all around the world
  • The cost of data out per edge location varies
  • You can reduce the number of edge locations for cost reduction
    • Price Class All : all regions - best performance
    • Price Class 200 : most regions, but excludes the most expensive regions
    • Price Class 100 : only the least expensive regions

CloudFront - Cache Invalidations

  • You can force a full or partial cache refresh by performing a CloudFront Invalidation

Unicast IP vs Anycast IP

  • Unicast IP
    • one server holds one IP address
  • Anycast IP
    • all servers hold the same IP address and the client is routed to the nearest one

AWS Global Accelerator

  • AWS Global Accelerator is a networking service that helps improve the availability and performance of the applications you offer to global users
  • Leverage the AWS internal network to route to your application
  • 2 Anycast IPs are created for your application
  • The Anycast IPs send traffic directly to Edge Locations
  • The Edge locations send the traffic to your application 
  • Works with Elastic IP, EC2 instances, ALB, NLB, public or private
  • Consistent Performance
    • Intelligent routing to lowest latency and fast regional failover
    • No issue with client cache (because IP doesn't change)
    • Internal AWS network 
  • Health Check
    • Global Accelerator performs a health check of your applications
    • Helps make your application global
    • Great for disaster recovery 
  • Security
    • Only 2 external IPs need to be whitelisted
    • DDoS protection thanks to AWS Shield

AWS Global Accelerator vs CloudFront

  • They both use the AWS global network and its edge locations around the world
  • Both services integrate with AWS Shield for DDoS protection
  • CloudFront
    • Improves performance for both cacheable content (images and videos) and dynamic content (API acceleration and dynamic site delivery)
    • Content is served at the edge 
  • Global Accelerator
    • Improves performance for a wide range of applications over TCP or UDP
    • Proxying packets at the edge to applications running in one or more AWS Regions
    • Good fit for non-HTTP use cases, such as gaming(UDP), IoT(MQTT) or Voice over IP
    • Good for HTTP use cases that require static IP addresses
    • Good for HTTP use cases that require deterministic, fast regional failover
