CloudFront Overview:
- Content Delivery Network (CDN): CloudFront acts as a CDN, improving read performance by caching website content at edge locations around the world.
- Global Presence: Comprises 216 points of presence worldwide, corresponding to AWS edge locations.
- DDoS Protection: Offers DDoS protection by distributing content globally and by using services like AWS Shield and AWS Web Application Firewall (WAF).
- Edge Locations: Serve content directly to users, reducing latency by fetching content from nearby edge caches.
- Origins: Supports various origins including S3 buckets, HTTP backends, and custom origins.
Benefits of CloudFront:
- Enhances user experience by reducing latency.
- Provides DDoS protection through global distribution.
Architecture:
- Consists of 216 points of presence globally.
- Edge locations correspond to AWS edge locations.
- Continuously adds locations for better performance.
How it Works:
- Users request content from nearby edge locations.
- CloudFront fetches content from the origin (e.g., an S3 bucket) if it is not cached locally.
- Content is cached at edge locations for future requests.
Origins Supported:
- S3 Bucket: Used to distribute and cache files, with access to the bucket restricted by Origin Access Control (OAC).
- HTTP Backends: Can be any HTTP server, such as an Application Load Balancer or an EC2 instance, with CloudFront serving as a front-end.
Security Features:
- Origin Access Control (OAC) ensures only CloudFront can access the S3 bucket.
- Data can also be uploaded to S3 (ingress) via CloudFront.
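The OAC restriction above is enforced by the S3 bucket policy. The following Python check is an added example, not part of the original notes: it audits a bucket policy for the OAC pattern (the `cloudfront.amazonaws.com` service principal scoped with `AWS:SourceArn`). The account ID, bucket name, distribution ID and all function names are constructed for illustration.

```python
# Added example. Account ID, bucket name and distribution ID are constructed placeholders.
DIST_ARN = "arn:aws:cloudfront::111122223333:distribution/EXAMPLEDISTID"
CLOUDFRONT = {"Service": "cloudfront.amazonaws.com"}

def _as_list(value):
    # Policy fields may hold one value or a list of values.
    return value if isinstance(value, list) else [value]

def _statement(sid, principal, condition=None):
    # Build one constructed Allow statement for the sample policies below.
    stmt = {"Sid": sid, "Effect": "Allow", "Principal": principal,
            "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}
    if condition:
        stmt["Condition"] = condition
    return stmt

# The OAC pattern: CloudFront service principal, pinned to one distribution.
OAC_POLICY = {"Version": "2012-10-17", "Statement": [
    _statement("OacRead", CLOUDFRONT, {"StringEquals": {"AWS:SourceArn": DIST_ARN}})]}
# Weak: the bucket is world-readable, so clients can skip CloudFront entirely.
PUBLIC_POLICY = {"Version": "2012-10-17", "Statement": [_statement("PublicRead", "*")]}
# Weak: no AWS:SourceArn, so the grant is not tied to one distribution.
UNSCOPED_POLICY = {"Version": "2012-10-17", "Statement": [_statement("AnyDist", CLOUDFRONT)]}

def audit_bucket_policy(policy, expected_dist_arn):
    """Return findings; an empty list means only the expected distribution can read."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        sid, principal = stmt.get("Sid", "<no Sid>"), stmt.get("Principal")
        is_dict = isinstance(principal, dict)
        if principal == "*" or (is_dict and "*" in _as_list(principal.get("AWS", []))):
            findings.append(f"{sid}: public principal, bucket reachable without CloudFront")
        elif is_dict and "cloudfront.amazonaws.com" in _as_list(principal.get("Service", [])):
            # Only the StringEquals form is checked; condition keys are case-insensitive.
            cond = stmt.get("Condition", {}).get("StringEquals", {})
            source = next((v for k, v in cond.items() if k.lower() == "aws:sourcearn"), None)
            if source is None:
                findings.append(f"{sid}: no AWS:SourceArn condition")
            elif _as_list(source) != [expected_dist_arn]:
                findings.append(f"{sid}: AWS:SourceArn is not the expected distribution")
        else:
            findings.append(f"{sid}: Allow for a principal other than CloudFront")
    return findings

if __name__ == "__main__":
    for name in ("OAC_POLICY", "PUBLIC_POLICY", "UNSCOPED_POLICY"):
        print(name, audit_bucket_policy(globals()[name], DIST_ARN))
```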

Comparison with S3 Cross-Region Replication:
- CloudFront: Utilizes a global edge network for caching content worldwide, ideal for static content with widespread availability requirements.
- S3 Cross-Region Replication: Replicates entire buckets across regions in near real-time, suitable for dynamic content needing low-latency access in specific regions.
Real-World Use Case:
- CloudFront is ideal for static content needing global availability.
- S3 Cross-Region Replication is for dynamic content needing low-latency updates in specific regions.
So, CloudFront makes your website faster worldwide by caching content at edge locations, while S3 Cross-Region Replication replicates entire buckets to specific regions, which is useful for dynamic content.
If you use an Amazon S3 bucket configured as a website endpoint, you can’t use the origin access identity feature.
If CloudFront requests an object from your origin, and the origin returns an HTTP 4xx or 5xx status code, there's a problem with communication between CloudFront and your origin.