· Amazon CloudFront is a web service that gives businesses and web application developers an easy and cost-effective way to distribute content with low latency and high data transfer speeds. Like other AWS services, Amazon CloudFront is a self-service, pay-per-use offering, requiring no long term commitments or minimum fees. With CloudFront, your files are delivered to end-users using a global network of edge locations.
·
In the event that offensive or
potentially harmful material needs to be removed before the specified
expiration time, you can use the Invalidation API to remove the object from all
Amazon CloudFront edge locations. You can see the charge for making
invalidation requests here.
· Amazon CloudFront
currently supports GET, HEAD, POST, PUT, PATCH, DELETE and OPTIONS requests. Amazon
CloudFront does not cache the responses to POST, PUT, DELETE, and PATCH
requests – these requests are proxied back to the origin server. You may
enable caching for the
responses to OPTIONS requests.
· HTTP/2 is
automatically enabled for all new CloudFront distributions.
· Cloudfront does not support HTTP/2 without TLS.
· WebSocket is a real-time
communication
protocol that provides bidirectional communication between a client and a server over a long-held
TCP connection. By using a persistent open connection, the client and the
server can send real-time data to each other without the client having to frequently
reinitiate connections checking for new data to exchange
· WebSocket connections
are often used in chat applications, collaboration platforms, multiplayer
games, and financial trading platforms.
· You can use WebSockets globally, and no additional
configuration
is needed to enable the WebSocket protocol within your CloudFront resource as
it is now supported by default.
· Amazon CloudFront
supports encrypted WebSocket connections (WSS) using the SSL/TLS protocol.
· By default, you can
deliver your content to viewers over HTTPS by using your CloudFront
distribution domain name in your URLs, for example,
https://dxxxxx.cloudfront.net/image.jpg. If you want to deliver your content
over HTTPS using your own domain name and your own SSL certificate, you can use
one of our Custom SSL certificate support features.
· Field-Level Encryption
is a feature of CloudFront that allows you to securely upload user-submitted
data such as credit card numbers to your origin servers. Using this
functionality, you can further encrypt sensitive data in an HTTPS form using
field-specific encryption keys (which you supply) before a PUT/ POST request is
forwarded to your origin. This ensures that sensitive data can only be
decrypted and viewed by certain components or services in your application
stack. To learn more about field-level encryption, see Field-Level Encryption in our
documentation.
· Server Name Indication
(SNI) is an extension of the Transport Layer Security (TLS) protocol. This
mechanism identifies the domain (server name) of the associated SSL request so
the proper certificate can be used in the SSL handshake. This allows a
single IP address to be used across multiple servers. SNI requires browser
support to add the server name, and while most modern browsers support it,
there are a few legacy browsers that do not. For more details see the SNI
section of the CloudFront Developer
Guide or
the SNI Wikipedia article.
· You can use Amazon CloudFront live streaming with any live video origination service that outputs HTTP-based streams, such as AWS Elemental MediaPackage or AWS Elemental MediaStore. MediaPackage is a video origination and just-in-time packaging service that allows video distributors to securely and reliably deliver streaming content at scale using multiple delivery and content protection standards.
· Visit the AWS Live Video Streaming page to learn more.
· Origin Shield is a centralized caching layer that helps increase your cache hit ratio to reduce the load on your origin
· Origin Shield also decreases your origin operating costs by collapsing requests across regions so as few as one request goes to your origin per object.
· When enabled, CloudFront will route all origin fetches through Origin Shield, and only make a request to your origin if the content is not already stored in Origin Shield's cache.
· When you create or modify a CloudFront distribution, you can enable access logging. CloudFront provides two ways to log the requests that are delivered from your distributions: Standard logs and Real-time logs.
· CloudFront standard logs are delivered to the Amazon S3 bucket of your choice (log records are delivered within minutes of a viewer request). When enabled, CloudFront will automatically publish detailed log information in a W3C extended format into an Amazon S3 bucket that you specify. Access logs contain detailed information about each request for your content, including the object requested, the date and time of the request, the edge location serving the request, the client IP address, the referrer, the user agent, the cookie header, and the result type (for example, cache hit, or miss, or error). CloudFront doesn’t charge for standard logs, though you incur Amazon S3 charges for storing and accessing the log files.
· CloudFront
real-time logs are
delivered to the data stream of your choice in Amazon Kinesis Data Streams (log records are
delivered within seconds of a viewer request). You can choose the sampling rate
for your real-time logs—that is, the percentage of requests for which you want
to receive real-time log records. You can also choose the specific fields that
you want to receive in the log records. CloudFront real-time logs contain all
the same data points as the standard logs and also
contain certain additional information about each request such as viewer
request headers, and country code, in a W3C extended format. CloudFront charges for real-time logs, in addition to the
charges you incur for using Kinesis Data Streams.
· If you have time sensitive use cases and require access log data
quickly
within a few seconds, then choose the real-time
logs. If
you need your real-time log pipeline to be cheaper, you
can choose to filter the log data by enabling logs only for specific cache behaviors, or choosing a lower sampling rate. The real-time log
pipeline is built for quick data delivery. Therefore, log records may be
dropped if there are data delays. On the other hand, if you need a low-cost log processing solution with no requirement for
real-time data then the current standard log option is ideal for you.
· CloudFront standard
logs are delivered to your S3 bucket. The real-time logs are delivered to your
Kinesis Data Stream. From Kinesis Data Streams, the logs can be published to
Amazon Kinesis Data Firehose.
· CloudFront Functions
is a serverless edge compute feature allowing you to run JavaScript code at the
225+ CloudFront edge locations for lightweight HTTP(s) transformations and
manipulations.
· Lambda@Edge is an extension
of AWS Lambda allowing you to
run code at global edge locations without provisioning or managing servers. Lambda@Edge offers powerful and flexible serverless
computing for complex functions and full application logic closer to your
viewers. Lambda@Edge functions run in a Node.js or
Python environment.
All
existing features of Amazon CloudFront will continue to work on IPv6, though
there are two changes you may need for internal IPv6 address processing before
you turn on IPv6 for your distributions.
· If you have turned on the Amazon CloudFront Access Logs feature, you will start seeing your viewer’s IPv6 address in the “c-ip” field and may need to verify that your log processing systems continue to work for IPv6.
· When you enable IPv6 for your Amazon CloudFront distribution, you will get IPv6 addresses in the ‘X-Forwarded-For’ header that is sent to your origins. If your origin systems are only able to process IPv4 addresses, you may need to verify that your origin systems continue to work for IPv6.
· Amazon CloudFront
charges are based on actual usage of the service in four areas:
· Data Transfer Out,
· HTTP/HTTPS Requests,
· Invalidation Requests,
· and Dedicated IP Custom SSL certificates
associated with a CloudFront distribution.