[ AWS CloudFront ]
When a user in Korea requests content from an S3 bucket in Australia, the cached data is served from an edge close to Korea (e.g. Tokyo)
- Content Delivery Network (CDN)
- Improves read performance, content is cached at the edge
- 216 Points of Presence globally (edge locations)
- DDoS protection, integration with Shield, AWS Web Application Firewall
- Can expose external HTTPS and can talk to internal HTTPS backends
[ CloudFront - Origins ]
Security is improved by configuring the S3 bucket / custom origin to allow access only from CloudFront (OAI)
1. S3 bucket
- For distributing files and caching them at the edge
- Enhanced security with CloudFront Origin Access Identity (OAI)
- CloudFront can be used as an ingress (to upload files to S3)
2. Custom Origin (HTTP)
- Application Load Balancer
- EC2 instance
- S3 website (must first enable the bucket as a static S3 website)
- Any HTTP backend you want
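Added example (not from the original post): a small audit that checks whether an S3 bucket policy really restricts access to a CloudFront OAI, as described for the S3 origin above. The bucket name, OAI ID and both sample policies are constructed; the check assumes the OAI is written in ARN form and ignores `Condition` blocks, so anything else is reported for manual review.

```python
import json

# ARN form used in a bucket policy to name a CloudFront OAI as the principal.
OAI_PREFIX = "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity "

def _as_list(value):
    return value if isinstance(value, list) else [value]

def non_oai_allows(policy_json):
    """Return (Sid, principals) for every Allow statement that grants
    access to something other than a CloudFront OAI."""
    findings = []
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        if principal == "*":
            arns = ["*"]
        elif isinstance(principal, dict):
            # {"AWS": ...}, {"Service": ...}, {"CanonicalUser": ...}; values may be str or list
            arns = [a for v in principal.values() for a in _as_list(v)]
        else:
            arns = ["<missing>"]  # e.g. NotPrincipal is used: review by hand
        bad = [a for a in arns if not a.startswith(OAI_PREFIX)]
        if bad:
            findings.append((stmt.get("Sid", "<no Sid>"), bad))
    return findings

# Constructed sample policies (bucket name and OAI ID are placeholders).
OAI_ARN = OAI_PREFIX + "EXAMPLEOAIID"
_oai_stmt = {"Sid": "AllowCloudFrontOAI", "Effect": "Allow",
             "Principal": {"AWS": OAI_ARN},
             "Action": "s3:GetObject",
             "Resource": "arn:aws:s3:::example-bucket/*"}
_public_stmt = {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
                "Action": "s3:GetObject",
                "Resource": "arn:aws:s3:::example-bucket/*"}
LOCKED_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [_oai_stmt]})
OPEN_POLICY = json.dumps({"Version": "2012-10-17",
                          "Statement": [_oai_stmt, _public_stmt]})

if __name__ == "__main__":
    for name, doc in (("locked", LOCKED_POLICY), ("open", OPEN_POLICY)):
        print(name, non_oai_allows(doc))
```

An empty result means every Allow statement names only an OAI; the bucket's Block Public Access settings and object ACLs still need to be checked separately.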
# CloudFront at a high level
# CloudFront - S3 as an Origin
# CloudFront - ALB or EC2 as an origin
[ CloudFront Geo Restriction ]
- You can restrict who can access your distribution
- can use Whitelist/Blacklist
- The country is determined using a 3rd party Geo-IP database
- Use case: copyright laws to control access to content
[ CloudFront vs S3 Cross Region Replication ]
1) CloudFront :
- Global Edge network
- Files are cached for a TTL (maybe a day)
- Great for static content that must be available everywhere
2) S3 Cross Region Replication :
- Must be set up for each region you want replication to happen
- Files are updated in near real-time
- Read only
- Great for dynamic content that needs to be available at low-latency in a few regions