- Amazon CloudFront is a web service.
- Quickly distribute user content over worldwide network of data centers.
- Increasing network performance by reducing latency (time delays).
- CloudFront is compliance with HIPAA and PCI DSS
Amazon CloudFront is a web service that speeds up distribution of static and dynamic web content, such as .html, .css, .php, and image files, to end users.
CloudFront delivers user content through a worldwide network of data centers called edge locations.
When a user requests content that is serving with CloudFront, the user is routed to the edge location that provides the lowest latency (time delay), so that content is delivered with the best possible performance.
If the content is already in the edge location with the lowest latency, CloudFront delivers it immediately.
If the content is not in that edge location, CloudFront retrieves it from an Amazon S3 bucket or an HTTP server (for example, a web server).
Amazon CloudFront Content delivering:
1.Configuring CloudFront to deliver Content.
2.How CloudFront deliver content to user?
- Configuring CloudFront to deliver Content:
1.Fistly, configure your origin servers, from which CloudFront gets your files for distribution from CloudFront edge locations all over the world.
An origin server stores the original, definitive version of user’s objects. If user serving content over HTTP, then origin server is either an Amazon S3 bucket or an HTTP server, such as a web server.
HTTP server can run on an Amazon Elastic Compute Cloud (Amazon EC2) instance or on a server that you manage
These servers are also known as custom origins.
2.Then upload your files to your origin servers.
Your files, also known as objects, which include web pages, images, and media files, that can be served over HTTP or a supported version of Adobe RTMP, the protocol used by Adobe Flash Media Server.
3.Then create a CloudFront distribution, which tells CloudFront which origin servers to get your files from when users request the files through your web site or application.
4.CloudFront assigns a domain name to your new distribution and displays it in the CloudFront console or returns it in the response to a programmatic request, for example, an API request.
5.CloudFront sends your distribution’s configuration (but not your content) to all of its edge locations—collections of servers in geographically dispersed data centers where CloudFront caches copies of your objects.
- How cloudFront deliver content to user?
After configuring CloudFront to deliver your content, what happens when users request your objects:
1.A user accesses your website or application and requests one or more objects, such as an image file and an HTML file.
2.DNS routes the request to the CloudFront edge location that can best serve the user’s request, typically the nearest CloudFront edge location in terms of latency, and routes the request to that edge location.
3.In the edge location, CloudFront checks its cache for the requested files. If the files are in the cache, CloudFront returns them to the user. If the files are not in the cache, it does the following:
a.CloudFront compares the request with the specifications in your distribution and forwards the request for the files to the applicable origin server for the corresponding file type—for example, to your Amazon S3 bucket for image files and to your HTTP server for the HTML files.
b.The origin servers send the files back to the CloudFront edge location.
c.As soon as the first byte arrives from the origin, CloudFront begins to forward the files to the user. CloudFront also adds the files to the cache in the edge location for the next time someone requests those files.
CloudFront Regional Edge Caches bring more of the user content closer to the viewers.
It also store not so popular content at a CloudFront edge location.
This helps to improve performance for viewers, while lowering the operational burden and cost of scaling origin resources.
This feature helps with all types of content, particularly content that tends to become less popular over time.
Features of CloudFront Regional Edge:
- Their is no need to make any changes to CloudFront distributions. Regional edge caches are enabled by default for all CloudFront distributions.
- There is no additional cost for using this feature.
- Regional Edge Caches have feature parity with edge locations. For example, a cache invalidation request removes an object from both edge caches and Regional Edge Caches before it expires.
- Regional Edge Caches are available for custom origins. Amazon S3 origins are not supported.
- Dynamic content as determined at request time (cache-behavior configured to forward all headers) does not flow through the Regional Edge Caches, but goes directly to the origin.
- User can measure the performance improvements from this feature by using cache-hit ratio metrics available on the console.
Amazon Web Services (AWS) publishes its current IP address ranges in JSON format.
To view the current ranges, download the .json file.
To maintain history, save successive versions of the .json file.
Amazon CloudFront is Compliance with
- PCI DSS
- PCI DSS:
The Payment Card Industry Data Security Standard ( PCI DSS) is a proprietary information security standard
It is administered by the PCI Security Standards Council, which was founded by American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc.
CloudFront supports the processing, storage, and transmission of credit card data by a merchant or service provider and has been validated as being compliant with Payment Card Industry (PCI) Data Security Standard (DSS).
A large and growing number of healthcare providers, payers and IT professionals are using AWS’s utility-based cloud services to process, store, and transmit PHI (Protected health information).
AWS enables covered entities and their business associates subject to the U.S. Health Insurance Portability and Accountability Act (HIPAA).
It is used to leverage the secure AWS environment to process, maintain, and store protected health information.