CloudFront

  • Use geographic restrictions (geo blocking) to prevent/block users in specific geographic locations (nations) from accessing content that you're distributing through a CloudFront distribution

  • You can use CloudFront for on-demand (VOD) or live streaming (real-time) video

  • To reduce latency for images/files hosted in an S3 bucket, use CloudFront

  • Caches media; can serve secret/private content

  • CloudFront is used only for delivery (CDN); max download size over CloudFront is 20GB

  • CloudFront origin access identity (OAI)

    • Restricts access to an Amazon S3 bucket so that objects can be accessed only through your Amazon CloudFront distribution

  • High Availability with CloudFront

    • You create an origin group with two origins: a primary and a secondary

    • If the primary origin is unavailable, CloudFront automatically switches to the secondary origin.

    • Example: You have an S3 bucket in us-west-1 and its data is being replicated to ap-southeast-1. Then:

      1. Create an additional CloudFront origin pointing to the ap-southeast-1 bucket.

      2. Set up a CloudFront origin group with the us-west-1 bucket as the primary and the ap-southeast-1 bucket as the secondary.

  • Field-level encryption

    • Adds an additional layer of security that lets you protect specific data throughout system processing so that only certain applications can see it

    • Enables your users to securely upload sensitive information to your web servers
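
The OAI restriction noted above only holds if the bucket policy grants read access to the OAI and to nobody else. The following is an added example (not part of the original notes) that audits a bucket policy for that property. The OAI ID, bucket name, and both sample policies are constructed, and the check is simplified: it ignores Condition, NotPrincipal/NotAction, and object ACLs.

```python
import json
from fnmatch import fnmatchcase

# Principal format S3 bucket policies use for a CloudFront OAI.
OAI_PREFIX = "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity "
OAI_ID = "E2EXAMPLEOAI01"  # constructed placeholder, not a real identity

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _principals(principal):
    """Flatten a Principal element ("*" or {"AWS": ...}) into a list of strings."""
    if isinstance(principal, dict):
        return [p for v in principal.values() for p in _as_list(v)]
    return _as_list(principal) if principal else []

def audit_bucket_policy(policy_json, oai_id):
    """Return findings for Allow statements that let anyone but the OAI read objects."""
    expected = OAI_PREFIX + oai_id
    findings, oai_allowed = [], False
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        actions = _as_list(stmt.get("Action", []))
        # IAM action wildcards (s3:Get*, s3:*, *) are matched case-insensitively.
        grants_read = any(fnmatchcase("s3:getobject", a.lower()) for a in actions)
        if stmt.get("Effect") != "Allow" or not grants_read:
            continue
        for p in _principals(stmt.get("Principal")):
            if p == expected:
                oai_allowed = True
            else:
                findings.append(f"{stmt.get('Sid', '<no Sid>')}: read allowed for {p}")
    if not oai_allowed:
        findings.append("expected OAI is not granted s3:GetObject")
    return findings

def _policy(*statements):
    return json.dumps({"Version": "2012-10-17", "Statement": list(statements)})

RES = "arn:aws:s3:::example-bucket/*"  # constructed bucket name
OAI_READ = {"Sid": "OAIRead", "Effect": "Allow", "Action": "s3:GetObject",
            "Principal": {"AWS": OAI_PREFIX + OAI_ID}, "Resource": RES}
PUBLIC_READ = {"Sid": "PublicRead", "Effect": "Allow", "Action": "s3:Get*",
               "Principal": "*", "Resource": RES}

LOCKED_DOWN = _policy(OAI_READ)              # only CloudFront can read
BYPASSABLE = _policy(OAI_READ, PUBLIC_READ)  # direct S3 URLs still work

if __name__ == "__main__":
    for name, pol in (("locked down", LOCKED_DOWN), ("bypassable", BYPASSABLE)):
        print(name, "->", audit_bucket_policy(pol, OAI_ID) or "OK")
```

A policy that passes this check should still be paired with S3 Block Public Access, since public ACLs on objects are outside what the bucket policy shows.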