AWS学习笔记（十五）：CloudFront

CloudFront vs S3 Cross Region Replication

CloudFront:

• Global Edge network
• Files are cached for a TTL (maybe a day)
• Great for static content that must be available everywhere

S3 Cross Region Replication:

• Must be setup for each region you want replication to happen
• Files are updated in near real-time
• Read only
• Great for dynamic content that needs to be available at low-latency in few regions

CloudFront Signed URL Diagram

CloudFront Signed URL vs S3 Pre-Signed URL

CloudFront Signed URL:

• Allow access to a path, no matter the origin
• Account wide key-pair, only the root can manage it
• Can filter by IP, path, date, expiration
• Can leverage caching features

S3 Pre-Signed URL:

• Issue a request as the person who pre-signed the URL
• Uses the IAM key of the signing IAM principal
• Limited lifetime

Unicast IP vs Anycast IP

• Unicast IP: one server holds one IP address
• Anycast IP: all servers hold the same IP address and the client is routed to the nearest one

AWS Global Accelerator vs CloudFront

They both use the AWS global network and its edge locations around the world
Both services integrate with AWS Shield for DDoS protection.
CloudFront

• Improves performance for both cacheable content (such as images and videos)
• Dynamic content (such as API acceleration and dynamic site delivery)
• Content is served at the edge

Global Accelerator

• Improves performance for a wide range of applications over TCP or UDP
• Proxying packets at the edge to applications running in one or more AWS Regions.
• Good fit for non-HTTP use cases, such as gaming (UDP), IoT (MQTT), or Voice over IP
• Good for HTTP use cases that require static IP addresses
• Good for HTTP use cases that required deterministic, fast regional failover