Unleashing the Power of the Cloud (AWS): The Epic Journey of the Cloud Resume Challenge-
Part 2: Conquering Cloudfront — Harnessing the Forces of Global Content Delivery.

Steve Murimi
Jul 19, 2023

AWS Cloud resume challenge.

As my first foray into using a content delivery network, admittedly, I was a bit skeptical over its use and worried about the cost on my pocket!

Luckily, I found a cost-effective way to get my feet wet and still enjoy the many benefits that CloudFront offers.

What is CloudFront?

CloudFront is Amazon Web Services' content delivery network.

ChatGPT had this to say:

Cloudfront: The celestial messenger that accelerates your website’s performance, ensuring lightning-fast content delivery to users worldwide, enchanting them with a seamless and unforgettable browsing experience. Empower your digital presence with Cloudfront.

Amazon describes it as:

Amazon CloudFront is a web service that speeds up distribution of your static and dynamic web content, such as .html, .css, .js, and image files, to your users. CloudFront delivers your content through a worldwide network of data centers called edge locations. When a user requests content that you’re serving with CloudFront, the request is routed to the edge location that provides the lowest latency (time delay), so that content is delivered with the best possible performance.

What is a CloudFront distribution?

To set up CloudFront, the first thing you will be required to set up is your distribution. In layman's terms, this is a specification of the configuration you desire for the delivery of your website. To enable faster access, resources can be stored closer to the location of the majority of your customers, reducing the latency caused by a website request having to bounce over many servers to get to the source.

The proper description of a CloudFront distribution is:

A CloudFront distribution is a configuration that defines how your content is cached and delivered to end users. It acts as a mediator between your content’s origin server and the users, optimizing delivery by caching content at edge locations worldwide for faster access and reduced latency.

Let's set up our low-cost CloudFront distribution.

Previously, we set up an S3 bucket with the static website property enabled. We will use the link generated as the source of the files for our distribution, as shown below:

Select your S3 bucket as the origin access control; it will automatically be populated in the dropdown list if the bucket was set up correctly. If your bucket is located in a region with lots of resources, such as ‘US-EAST-1’, you could reduce the connection attempts.

What is Origin Shield? It enhances the resilience and scalability of your content’s origin server. It acts as an additional caching layer between the edge locations and the origin, helping to protect the origin server from being overwhelmed by sudden surges in traffic or distributed denial-of-service (DDoS) attacks.

When enabled, the Origin Shield serves as a centralized point of contact for the CloudFront edge locations. Instead of directly accessing the origin server, the edge locations fetch content from the Origin Shield. This setup reduces the load on the origin server and improves its ability to handle requests efficiently.

Origin Shield offers benefits such as reducing origin server load, minimizing the impact of traffic spikes, and improving the cache-hit ratio. By caching content at the Origin Shield, CloudFront can serve subsequent requests from this centralized cache, resulting in faster response times and enhanced scalability.

In summary, Origin Shield is a protective layer that shields your origin server from excessive traffic, ensuring reliable and efficient content delivery through CloudFront. Kindly note that its use attracts an additional charge, so we won't enable it this time.

You may also set the amount of time after which CloudFront abandons a connection attempt to one of the many edge locations where your data is stored. In today's world, every second counts, so it may be advisable to set a lower amount of time so as to free CloudFront to attempt a connection to a different edge location.

Traditionally, one would need to solicit the services of servers such as Caddy, NGINX and Let's Encrypt so as to enable HTTPS and enhanced security, but CloudFront provides these services out of the box.

Below is the recommended setting we will use for caching.

Web Application firewall?

You can protect your CloudFront distributions with AWS WAF, a web application firewall that allows you to secure your web applications and APIs to block requests before they reach your servers. You can enable an AWS-recommended group of AWS WAF security protections with one click when creating or editing a CloudFront distribution.

WAF is one of Amazon’s unique and very useful security features for production environments but it does attract a cost. We will not enable it at present.

To optimize the distribution of your website to your closest servers and also avoid high charges, it is advisable to choose a location close to your target users.

It is also possible to attach your own SSL certificates, especially for industries whose regulations dictate special security procedures, e.g. financial institutions, the army or pharmaceutical industries.

Before we move on, from the screen above, it is advisable to set your website's homepage as the root object as shown below:

You are now almost set. To enable CloudFront to easily work with S3 as the source of the website files, you will be prompted with the following alert.

Not to worry, click on copy policy from the dialog above and head over to your S3 bucket policy and paste the contents therein:
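A check one could run on the policy pasted in this step, added here as an example and not taken from the original post or from AWS. It assumes the copied policy follows the documented origin access control form (service principal `cloudfront.amazonaws.com` with an `AWS:SourceArn` condition); the bucket name, account ID and distribution ID are constructed placeholders.

```python
import json

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_bucket_policy(policy_json, distribution_arn):
    """Return findings; an empty list means only the named distribution can read."""
    findings, scoped = [], False
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        sid, principal = stmt.get("Sid", "<no Sid>"), stmt.get("Principal")
        if principal == "*" or (isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", []))):
            findings.append(f"{sid}: public principal, objects readable without CloudFront")
            continue
        if not isinstance(principal, dict) or "cloudfront.amazonaws.com" not in _as_list(principal.get("Service", [])):
            continue  # other principals are out of scope for this check
        # IAM condition keys are case-insensitive, so normalise before lookup.
        equals = {k.lower(): v for k, v in stmt.get("Condition", {}).get("StringEquals", {}).items()}
        if _as_list(equals.get("aws:sourcearn", [])) != [distribution_arn]:
            findings.append(f"{sid}: CloudFront access not pinned to {distribution_arn}")
            continue
        extra = {a.lower() for a in _as_list(stmt.get("Action", []))} - {"s3:getobject"}
        if extra:
            findings.append(f"{sid}: grants more than s3:GetObject: {sorted(extra)}")
        scoped = True
    if not scoped:
        findings.append("no statement grants this distribution read access")
    return findings

# Constructed sample data: placeholder account ID, distribution ID and bucket name.
ARN = "arn:aws:cloudfront::111122223333:distribution/EXAMPLEDISTID"

def _policy(principal, condition=None):
    stmt = {"Sid": "ReadObjects", "Effect": "Allow", "Principal": principal,
            "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-resume-bucket/*"}
    if condition:
        stmt["Condition"] = condition
    return json.dumps({"Version": "2012-10-17", "Statement": [stmt]})

OAC = _policy({"Service": "cloudfront.amazonaws.com"}, {"StringEquals": {"AWS:SourceArn": ARN}})
UNPINNED = _policy({"Service": "cloudfront.amazonaws.com"})  # any distribution could read
PUBLIC = _policy("*")  # readable by anyone, bypassing CloudFront

if __name__ == "__main__":
    for name, doc in [("oac", OAC), ("unpinned", UNPINNED), ("public", PUBLIC)]:
        print(name, audit_bucket_policy(doc, ARN) or "OK")
```
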

We can now test the distribution by accessing the URL associated with our resources as shown below:

Eureka, our configuration works! Here is an image of my working CloudFront distribution:

Join me on the next article: Unleashing the Power of the Cloud (AWS): The Epic Journey of the Cloud Resume Challenge-
Part 3: GitHub Actions — CI-CD through GitHub for the win!
where I delve into linking our CloudFront distribution to our custom website URL.

Project breakdown:

Unleashing the Power of the Cloud (AWS): The Epic Journey of the Cloud Resume Challenge — Part 1: S3 static website hosting.

Adios for now!
