Video source: Bilibili course "AWS Certified Solutions Architect Associate SAA-C03"
I am organizing the instructor's course content and lab notes while studying and sharing them here; if this infringes any rights it will be removed on request. Thanks for your support!
Summary post: AWS助理架构师认证培训 | 汇总_热爱编程的通信人的博客-CSDN博客
CloudFront Overview
AWS CloudFront
- Content Delivery Network (CDN)
- Improves read performance, content is cached at the edge
- Improves user experience
- 216 Point of Presence globally (edge locations)
- DDoS protection (because the edge network is worldwide); integrates with AWS Shield and AWS Web Application Firewall (WAF)
Cloud Front - Origins
- S3 bucket
  - For distributing files and caching them at the edge
  - Enhanced security with CloudFront Origin Access Control (OAC)
  - OAC is replacing Origin Access Identity (OAI)
  - CloudFront can be used as an ingress (to upload files to S3)
- Custom Origin (HTTP)
  - Application Load Balancer
  - EC2 instance
  - S3 website (must first enable the bucket as a static S3 website)
  - Any HTTP backend you want
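As an added example (not from the course slides), the Python helper below builds the S3 bucket policy that pairs with CloudFront OAC, so the bucket stays private and only one named distribution can read it, and flags the kind of public-read statement OAC is meant to replace. The bucket name, account ID and distribution ID are constructed placeholders.

```python
import json

# Added example: S3 bucket policy for CloudFront Origin Access Control (OAC).
# Read access is granted only to the CloudFront service principal, and only
# when the request comes from one specific distribution (AWS:SourceArn).
# Bucket name, account id and distribution id used below are placeholders.

CLOUDFRONT_SERVICE_PRINCIPAL = "cloudfront.amazonaws.com"


def oac_bucket_policy(bucket: str, account_id: str, distribution_id: str,
                      allow_upload: bool = False) -> dict:
    """Return the OAC bucket policy as a dict (json.dumps it to apply)."""
    actions = ["s3:GetObject"]
    if allow_upload:
        # Only needed when CloudFront is used as an ingress to upload to S3.
        actions.append("s3:PutObject")
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "AllowCloudFrontServicePrincipal",
            "Effect": "Allow",
            "Principal": {"Service": CLOUDFRONT_SERVICE_PRINCIPAL},
            "Action": actions if len(actions) > 1 else actions[0],
            "Resource": f"arn:aws:s3:::{bucket}/*",
            "Condition": {"StringEquals": {
                "AWS:SourceArn":
                    f"arn:aws:cloudfront::{account_id}:distribution/{distribution_id}"
            }},
        }],
    }


def public_read_statements(policy: dict) -> list:
    """Return the Sids of Allow statements that grant access to everyone.

    An unconditional Allow for Principal "*" makes the bucket readable without
    going through CloudFront at all; that is what OAC/OAI exist to avoid.
    """
    found = []
    for stmt in policy.get("Statement", []):
        principal = stmt.get("Principal")
        is_everyone = principal == "*" or principal == {"AWS": "*"}
        if stmt.get("Effect") == "Allow" and is_everyone and not stmt.get("Condition"):
            found.append(stmt.get("Sid", "<no Sid>"))
    return found


if __name__ == "__main__":
    policy = oac_bucket_policy("my-site-bucket", "111122223333", "E1EXAMPLEDIST")
    print(json.dumps(policy, indent=2))
    print("public statements:", public_read_statements(policy))
```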
CloudFront at a high level
CloudFront - S3 as an Origin
CloudFront vs S3 Cross Region Replication
- CloudFront:
  - Global edge network
  - Files are cached for a TTL (maybe a day)
  - Great for static content that must be available everywhere
- S3 Cross Region Replication:
  - Must be set up for each region you want replication to happen in
  - Files are updated in near real-time
  - Read only
  - Great for dynamic content that needs to be available at low latency in a few regions
CloudFront - ALB as an Origin
CloudFront - ALB or EC2 as an origin
CloudFront - Geo Restriction
CloudFront Geo Restriction
- You can restrict who can access your distribution
  - Allowlist: Allow your users to access your content only if they're in one of the countries on a list of approved countries.
  - Blocklist: Prevent your users from accessing your content if they're in one of the countries on a list of banned countries.
- The "country" is determined using a 3rd party Geo-IP database
- Use case: Copyright Laws to control access to content
CloudFront - Price Classes
CloudFront - Pricing
- CloudFront Edge locations are all around the world
- The cost of data out per edge location varies
CloudFront - Price Classes
- You can reduce the number of edge locations for cost reduction
- Three price classes:
  - Price Class All: all regions, best performance
  - Price Class 200: most regions, but excludes the most expensive regions
  - Price Class 100: only the least expensive regions
CloudFront - Price Class
CloudFront - Cache Invalidation
CloudFront - Cache Invalidations
- In case you update the back-end origin, CloudFront doesn't know about it and will only get the refreshed content after the TTL has expired
- However, you can force an entire or partial cache refresh (thus bypassing the TTL) by performing a CloudFront Invalidation
- You can invalidate all files (*) or a specific path (/images/*)
AWS Global Accelerator - Overview
Global users for our application
- You have deployed an application and have global users who want to access it directly.
- They go over the public internet, which can add a lot of latency due to many hops
- We wish to go as fast as possible through AWS network to minimize latency
Unicast IP vs Anycast IP
- Unicast IP: one server holds one IP address
- Anycast IP: all servers hold the same IP address and the client is routed to the nearest one
AWS Global Accelerator
- Leverage the AWS internal network to route to your application
- Two Anycast IPs are created for your application
- The Anycast IPs send traffic directly to Edge Locations
- The Edge Locations send the traffic to your application
AWS Global Accelerator
- Works with Elastic IP, EC2 instances, ALB, NLB, public or private
- Consistent Performance
  - Intelligent routing to lowest latency and fast regional failover
  - No issue with client cache (because the IP doesn't change)
  - Internal AWS network
- Health Checks
  - Global Accelerator performs a health check of your applications
  - Helps make your application global (failover in less than 1 minute for unhealthy endpoints)
  - Great for disaster recovery (thanks to the health checks)
- Security
  - Only two external IPs need to be whitelisted
  - DDoS protection thanks to AWS Shield
AWS Global Accelerator vs CloudFront
- They both use the AWS global network and its edge locations around the world
- Both services integrate with AWS Shield for DDoS protection
- CloudFront
  - Improves performance for both cacheable content (such as images and videos) and dynamic content (such as API acceleration and dynamic site delivery)
  - Content is served at the edge
- Global Accelerator
  - Improves performance for a wide range of applications over TCP or UDP
  - Proxies packets at the edge to applications running in one or more AWS Regions
  - Good fit for non-HTTP use cases, such as gaming (UDP), IoT (MQTT), or Voice over IP
  - Good for HTTP use cases that require static IP addresses
  - Good for HTTP use cases that require deterministic, fast regional failover