AWS Learner
Amazon CloudFront - Part2

Amazon CloudFront - Part2

Utkarsh Rastogi's photo
Utkarsh Rastogi
ยท

4 min read

Table of contents

Amazon Cloud Concepts Learning --> Day14

CloudFront Cache Invalidations

You can do one of the following if you need to delete a file from CloudFront edge caches before it expires:

  • Invalidate the file from edge caches. When a viewer requests the file again, CloudFront goes back to the source to retrieve the most recent version of the content.

  • Use file versioning to serve a different version of the file that has a different name.

CloudFront Policies

Three distinct policy types are available for use with Amazon CloudFront:

  • Specify cache and compression settings

  1. Cache Policy = HTTP headers + cookies + query strings + Time to Live (TTL)

  2. Cache Policy is included in cache key.

  • Specify values to include in origin requests (but not in the cache key)

  1. Origin request policy = HTTP headers + cookies + query strings

  2. Origin Policy is included in origin requests.

  • Specify HTTP headers to remove or add in viewer responses

  1. You may manage the HTTP headers that CloudFront adds to HTTP replies it sends to viewers by implementing a CloudFront response headers policy.

  2. Without changing anything about your origin or writing any code, you may add or delete HTTP headers from the replies that CloudFront provides to viewers.

CloudFront Origin Failover

You may configure backup origins for your distribution using the CloudFront Origin Failover functionality offered by Amazon CloudFront. By automatically reverting to a backup origin if the primary origin becomes inaccessible, this feature guarantees excellent availability and dependability.

You need a distribution with at least two origins to set up origin failover. Subsequently, you establish an origin group with two sources for your distribution, designating one as the primary. To use the origin group, you must lastly build or modify a cache behaviour.

Origin failover is demonstrated via the following diagram.

CloudFront Field-level Encryption

You may use HTTPS to ensure secure end-to-end connections to origin servers using Amazon CloudFront. By adding an extra layer of protection, field-level encryption allows you to safeguard certain data throughout system processing so that it is only visible to selected apps.

  • You can let users safely upload private data to your web servers by encrypting fields at the field level. Your users' sensitive data is secured at the edge, near the user, and is kept encrypted all the way up your application stack.

  • Only programs that require the data and possess the necessary credentials to decode it can access it thanks to this encryption.

  • To employ field-level encryption, you must designate in your CloudFront distribution configuration the POST request fields you wish to encrypt as well as the public key that will be used to do so.

  • In a request, up to ten data fields can be encrypted. (You must designate specific fields to encrypt; field-level encryption does not allow you to encrypt all the data in a request.)

  • To use field-level encryption, your origin must support chunked encoding.

Limiting your content's geographical reach

When distributing contents via an Amazon CloudFront distribution, you may utilize geographic limits, sometimes referred to as geo blocking, to stop users in particular geographic areas from viewing the content. Two options via which geographic restrictions can be done:

  • Using CloudFront geographic restrictions

Prevent users in specific countries from accessing your content as:

Only enable people to view your content if they are in one of the nations you have allowed on your allowlist.

If a user is in a nation that is prohibited by your denylist, stop them from viewing your content.

  • Using a third-party geolocation service

AWS advise using CloudFront signed URLs when utilizing third-party geolocation services, since they allow you to set an expiration date and time after which the URL expires.

Limitations

Below mentioned tables includes some basic limitations

Additional Resources

https://aws.amazon.com/api-gateway/faqs/

"Thank you for reading! If you found this blog helpful, don't forget to subscribe and follow for more insightful content. Your support keeps me motivated to bring you valuable insights. Stay updated and never miss out on our latest posts. Feel free to leave comments or suggestions for future topics. Happy learning!"

https://awslearner.hashnode.dev/amazon-web-services-via-category

AWSAWSBeginnerCloud ComputingAmazon Cloudfront
ย