CloudFront
In this lesson, we dive into Amazon CloudFront—a powerful Content Delivery Network (CDN) that reduces latency and accelerates both static and dynamic content. Learn how edge caching, TTL management, and origin failover work together to deliver fast, reliable experiences for users worldwide.
The Latency Challenge
When your web application resides in a single AWS Region (for example, us-east-1 in New York), users nearby see quick responses, but those thousands of miles away suffer high round-trip times. Slow page loads, video buffering, and large downloads frustrate end users.
By deploying dozens of edge locations around the globe, CloudFront brings content closer to your users, slashing latency and improving performance.
What Is CloudFront?
Amazon CloudFront is AWS’s global CDN service. It delivers your web assets—HTML, CSS, JavaScript, images, videos, APIs, and dynamic content—via a worldwide network of edge caches. Instead of every user request going back to your origin server, CloudFront routes traffic to the nearest edge location.
Note
Using CloudFront for both static and dynamic assets improves load times, reduces origin load, and can lower data transfer costs.
Core Components
Component | Description |
---|---|
Origin | The source of your content: S3 bucket, EC2/On-Prem HTTP server, Elastic Load Balancer, etc. |
Distribution | Configuration that links one or more origins to CloudFront; provides a unique domain name. |
Edge Location | A global cache point where CloudFront stores and serves your objects. |
Distribution Workflow
- User requests content from your *.cloudfront.net domain.
- CloudFront routes to the nearest edge location.
- Cache Hit: Edge returns the object immediately.
- Cache Miss: Edge fetches from the origin, caches the response, then serves the user.
Origin Interaction Examples
S3 Bucket as Origin
- User → CloudFront edge
- Edge: cache hit → serve directly
- Edge: cache miss → fetch from S3 → cache → serve
Custom HTTP Backend
- User → CloudFront edge
- Edge: cache hit → serve content
- Edge: cache miss → fetch from your HTTP server → cache → serve
Cache Expiration (TTL)
Each cached object at an edge location lives for its Time To Live (TTL). Once the TTL expires, the object is evicted and a new request triggers an origin fetch.
- Default TTL: 24 hours
- Customize per object or set absolute expiration timestamps
Warning
Serving stale content is possible if the TTL is too long. Tune your Cache-Control headers carefully to balance freshness and performance.
Cache Invalidation
Updating assets before their TTL expires requires explicit cache invalidation. Otherwise, edge locations will continue to serve the old version.
Invalidation process
- Submit invalidation for the object path (e.g., /images/logo.png).
- Edge caches remove the object.
- Next request → origin fetch → cache updated → user gets the new version.
Origin Groups for High Availability
CloudFront origin groups let you specify a primary and secondary origin. If the primary fails (for example, 5xx errors or timeouts), CloudFront automatically retries against the secondary, ensuring uninterrupted service.
Logging and Monitoring
CloudFront can publish detailed logs to Amazon S3, Amazon CloudWatch Logs, or third-party analytics tools. Logs include:
- Request timestamp
- Client IP address
- Requested object and HTTP method
- Response status code
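How these log fields support monitoring, shown as an added example that is not part of the original lesson: the script parses a constructed sample in the tab-separated CloudFront standard-log layout, computes the edge cache hit ratio, and flags client IPs whose requests are mostly 4xx/5xx. The function names, the sample rows, and the thresholds are assumptions chosen for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample in the tab-separated CloudFront standard-log layout.
# Real logs carry more columns; the parser takes names from "#Fields:".
SAMPLE_LOG = (
    "#Version: 1.0\n"
    "#Fields: date time x-edge-location c-ip cs-method cs-uri-stem sc-status x-edge-result-type\n"
    "2024-05-01\t10:00:01\tIAD89-C1\t198.51.100.7\tGET\t/index.html\t200\tHit\n"
    "2024-05-01\t10:00:02\tIAD89-C1\t198.51.100.7\tGET\t/images/logo.png\t200\tMiss\n"
    "2024-05-01\t10:00:03\tIAD89-C1\t198.51.100.7\tGET\t/images/logo.png\t200\tHit\n"
    "2024-05-01\t10:00:04\tIAD89-C1\t203.0.113.9\tGET\t/old/page1\t403\tError\n"
    "2024-05-01\t10:00:04\tIAD89-C1\t203.0.113.9\tGET\t/old/page2\t404\tError\n"
    "2024-05-01\t10:00:05\tIAD89-C1\t203.0.113.9\tGET\t/old/page3\t404\tError\n"
    "2024-05-01\t10:00:05\tIAD89-C1\t203.0.113.9\tGET\t/old/page4\t404\tError\n"
    "2024-05-01\t10:00:06\tIAD89-C1\t192.0.2.44\tGET\t/index.html\t200\tHit\n"
    "2024-05-01\t10:00:07\tIAD89-C1\t192.0.2.44\tGET\t/api/data\t502\tError\n"
)

def parse(text):
    """Yield one dict per request, keyed by the names in the #Fields header."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split(":", 1)[1].split()
        elif line and not line.startswith("#"):
            values = line.split("\t")
            if fields and len(values) == len(fields):  # skip malformed rows
                yield dict(zip(fields, values))

def summarize(records):
    """Return the edge cache hit ratio and per-client request/error counts."""
    results, per_ip = Counter(), defaultdict(Counter)
    for r in records:
        results[r["x-edge-result-type"]] += 1
        per_ip[r["c-ip"]]["total"] += 1
        if r["sc-status"][:1] in ("4", "5"):
            per_ip[r["c-ip"]]["errors"] += 1
    total = sum(results.values())
    hit_ratio = (results["Hit"] + results["RefreshHit"]) / total if total else 0.0
    return {"hit_ratio": hit_ratio, "per_ip": dict(per_ip)}

def noisy_clients(summary, min_requests=3, error_rate=0.5):
    """Client IPs with enough traffic to judge and a high share of 4xx/5xx."""
    return sorted(ip for ip, c in summary["per_ip"].items()
                  if c["total"] >= min_requests
                  and c["errors"] / c["total"] >= error_rate)

if __name__ == "__main__":
    s = summarize(parse(SAMPLE_LOG))
    print(f"hit ratio {s['hit_ratio']:.2f}, noisy clients {noisy_clients(s)}")
```

A low hit ratio points at TTL or cache-key tuning, while a client with a high error share is a candidate for closer review or rate limiting.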
Summary of CloudFront Features
- Global CDN: Edge caching for low-latency delivery
- Flexible Origins: S3, HTTP servers, load balancers
- Distributions: Custom configuration with domain name
- TTL & Invalidation: Fine-grained cache control
- Origin Groups: Automatic failover for high availability
- Logging: Insights into traffic patterns and errors