CloudFront
Use geographic restrictions (geo blocking) to prevent users in specific geographic locations (countries) from accessing content that you're distributing through a CloudFront distribution
You can use CloudFront for on-demand (VOD) or live streaming (real-time) video
To reduce latency for images/files hosted in an S3 bucket, use CloudFront
Caches media; can serve secret/private content
CloudFront is used only for delivery (CDN); the max download size over CloudFront is 20 GB
CloudFront origin access identity (OAI)
Restrict access to Amazon S3 bucket so that objects can be accessed only through my Amazon CloudFront distribution
High Availability with CloudFront
You create an origin group with two origins: a primary and a secondary
If the primary origin is unavailable CloudFront automatically switches to the secondary origin.
Example: you have an S3 bucket in us-west-1 and its data is being replicated to ap-southeast-1. Then:
Create an additional CloudFront origin pointing to the ap-southeast-1 bucket.
Set up a CloudFront origin group with the us-west-1 bucket as the primary and the ap-southeast-1 bucket as the secondary.
Field-level encryption
Adds an additional layer of security that lets you protect specific data throughout system processing so that only certain applications can see it
Enable your users to securely upload sensitive information to your web servers