SlideShare a Scribd company logo

(STG206) Using Amazon CloudFront For Your Websites & Apps

Amazon Web Services
Amazon Web Services

"Amazon CloudFront, the AWS Content Delivery Network (CDN), can be used to deliver your entire website, including dynamic, static, streaming, and interactive content using a global network of edge locations.   In this technical session, learn directly from CloudFront engineers on how you can improve the performance, availability, and cacheability of your website or application. Several topics will be explored in a series of flash talks including: Best Practices for Setting up Your Origin, How to Gain Visibility into Your Distribution Using Real-Time Metrics & Analytics, How to Improve Cacheability,  and How to Test Your Configuration. This session assumes a working knowledge of CDN."

Technology
1 of 53
Download to read offline
© 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Alex Dunlap GM, Amazon CloudFront Jarrod Guthrie Sr. Product Manager, Amazon CloudFront Calin Nemes Sr. Support Engineer, Amazon CloudFront Matthew Baldwin Sr. Software Development Engineer, Amazon CloudFront October 2015 Using Amazon CloudFront to Improve Performance, Availability and Cacheability STG206
What to expect from the session • Best practices for setting up your origin • Gaining visibility into your distribution • How to improve cacheability • How to test your configuration
Best practices for setting up your origin
Following origin best practices can give you… Easier debugging Better performance Higher availability
Five best practices 1. Use Amazon Route 53 health checks and DNS failover 2. Configure multiple origins 3. Secure your origin 4. Log request IDs 5. Set origin response headers
Failover Only return answers for resources that are healthy and reachable from the outside world, so that your end users are routed away from a failed or unhealthy part of your application Health Checks Automated requests sent over the Internet to your application to verify that your application is reachable, available, and functional + Amazon Route 53 health checks and DNS failover
Use Route 53 to improve availability & performance
Use Route 53 to improve availability & performance
Use Route 53 to improve availability & performance
Use Route 53 to improve availability & performance
Use Route 53 to improve availability & performance eu-west-1
Configure multiple origins Elastic Load Balancing Dynamic content Amazon EC2 Static content Amazon S3 * (default) /error/* /assets/* Amazon CloudFront example.com
Access control: Restricting origin access Amazon S3 Origin Access Identify (OAI) • Prevents direct access to your Amazon S3 bucket • Ensure performance benefits to all customers Custom origin Block by IP address • Whitelist only the Amazon CloudFront IP Range • Protects origin from overload • Ensure performance benefits to all customers
Object Access Identity (OAI) • Ensure only Amazon CloudFront can access Amazon S3 bucket • We make it simple for you Amazon CloudFront Region Amazon S3 bucket Custom origin
Object Access Identity (OAI) • Ensure only Amazon CloudFront can access Amazon S3 bucket • We make it simple for you Amazon CloudFront Region Amazon S3 bucket Custom origin
Shield custom origin • Shield your custom origin • Whitelist Amazon CloudFront IP range Amazon CloudFront Region Amazon S3 bucket Custom Origin
Shield custom origin • Shield your custom origin • Whitelist Amazon CloudFront IP range Amazon CloudFront Region Amazon S3 bucket Custom origin
Shield custom origin • Subscribe to Amazon SNS notifications on changes to IP ranges • Automatically update security groups AWS Lambda Amazon CloudFront Amazon SNS Security group Web app server Web app server AWS IP ranges Update IP range SNS message
Log Amazon CloudFront request IDs at origin Nginx: log_format main '$remote_addr - $remote_user [$time_local] "$request" ‘ '$status $body_bytes_sent "$http_referer" ‘ '"$http_user_agent" http_x_forwarded_for" "$http_x_amz_cf_id"'; Apache: LogFormat "%h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i" "%{X-Amz-Cf-Id}i"" combined
Set origin response headers *Strict-Transport-Security: max-age=15552000; *X-Frame-Options: SAMEORIGIN *X-XSS-Protection: 1; mode=block Options *Cache-Control: max-age=300; public
Demo
Key takeaways • Use Amazon Route53’s health checks and DNS failover • Improve security by setting headers at your origin • Enable logging • Serve your static assets on Amazon S3 • Serve error pages from Amazon S3
Gaining visibility into your distribution
Visibility into your distribution Four different ways to get visibility: • AWS CloudTrail – for monitoring distribution config changes • Near real-time metrics – Provided by Amazon CloudFront • Amazon CloudFront reports – for analytics • Amazon CloudWatch Logs – for custom monitoring
Monitor distribution config changes • Monitor changes to distribution configuration using AWS CloudTrail • Get alarms when: • Distribution is disabled • Trusted signers are disabled • Custom TLS certificate changes
Amazon CloudFront near real-time metrics • Provided in near real-time • Via Amazon CloudWatch • Alarm on 6 metrics: • Requests • Bytes downloaded • Bytes uploaded • 4XX error rate • 5XX error rate • Total error rate
Amazon CloudFront reports to identify trends • Cache hit/miss • Incomplete downloads • Top countries • Mobile users • Popular objects
Generate custom metrics • Amazon CloudFront access logs • Delivered via Amazon Kinesis to Amazon S3 buckets • Typically within an hour of an event happening Edge location Amazon S3 Edge location Edge location
Generate custom metrics • Upload logs to Amazon CloudWatch using AWS Lambda Amazon CloudFront Amazon S3 AWS Lambda Amazon CloudWatch Alarm Keywords e.g. Bots Granular Response Code e.g. 4XX Request to certain URLs TLS versions
Demo
Key takeaways • Enable AWS CloudTrail • Monitor your Amazon CloudFront reports • Create alarms • Subscribe to Amazon CloudFront access logs • Push logs to Amazon CloudWatch
How to improve cacheability
Improving cacheability of your objects • Versioning website assets • Cache headers • Shared distribution • Forwarded values • Path prefix invalidations
Versioning website assets <link href="//assets.example.com/assets/v1/css/jumbotron-narrow.css“ rel="stylesheet"> <link href="//assets.example.com/assets/v2/css/jumbotron-narrow.css“ rel="stylesheet"> <link href="//assets.example.com/assets/css/jumbotron-narrow.css?<md5sum>“ rel="stylesheet">
Cache-Control & expires < Cache-Control: max-age=300 < Cache-Control: max-age=30, s-maxage=3000 < Expires: Thu, 18 Sep 2025 21:34:50 GMT Min TTL Default TTL Max TTL Set min, max and default TTL on Amazon CloudFront
Cache-Control & expires *.css, *.js or Images Cache-Control: public; max- age=31536000 index.html Cache-Control: no-cache=Set- Cookie; max- age=30 Live streaming /*.m3u8 => Cache- Control: public; max-age=2
Shared distributions • Shared assets across multiple properties Static content Amazon S3 Amazon CloudFront assets.example.com www.example.com www.example.org
Forwarded values • Check forwarded headers • Query string forwarding • Cookie forwarding • Trusted Advisor checks
Invalidations • Last resort • Only applies to Amazon CloudFront cache, not browsers or intermediary caches
Demo
Key takeaways • Use versioning • Use multiple cache behaviors • Forward only required headers • Use invalidations as last resort
How to test your configuration
Test your configuration • Test in development mode • Ensure content is cached correctly • Performance testing • Load testing • Test SSL configuration
Turn on development mode • Set maximum TTL to 0 • Without need to constantly invalidate! • Forwarding all headers changes behavior • Whitelist your IP using AWS WAF so only accessible from corporate network • Signed cookies
Ensure content is cached correctly Check cache/hit miss ratio of distribution on reports Developer console on Chrome or Firefox • Age header • X-Cache • Cache-Control headers • HSTS headers
Performance testing Backbone testing Last mile testing Real user testing
Load testing Traditional load testing • Use one client • From a single region • Hits single IP DNS load balancing  Simulate real user environment  Ideal load testing • Clients from multiple locations • Independent DNS requests • Distribute across IPs DNS load balancing  Simulate real user environment 
SSL labs • Verify your SSL config
Demo
Key takeaways • Switch off caching during development mode • Use RUM for performance testing • If you load test - test from multiple locations
Thank you!
Remember to complete your evaluations!
Related Sessions SEC323: Securing Web Applications with AWS WAF Friday, Oct 9 at 9:00 AM – 10:00 AM Lando 4301B

Recommended

AWS 201 - A Walk through the AWS Cloud: Introduction to Amazon CloudFront
AWS 201 - A Walk through the AWS Cloud: Introduction to Amazon CloudFrontAWS 201 - A Walk through the AWS Cloud: Introduction to Amazon CloudFront
AWS 201 - A Walk through the AWS Cloud: Introduction to Amazon CloudFrontAmazon Web Services
 
AWS Webcast - Best Practices for Content Delivery using Amazon CloudFront
AWS Webcast - Best Practices for Content Delivery using Amazon CloudFrontAWS Webcast - Best Practices for Content Delivery using Amazon CloudFront
AWS Webcast - Best Practices for Content Delivery using Amazon CloudFrontAmazon Web Services
 
Introduction to CloudFront
Introduction to CloudFrontIntroduction to CloudFront
Introduction to CloudFrontAmazon Web Services
 
SRV206 Getting Started with Amazon CloudFront Content Delivery Network
SRV206 Getting Started with Amazon CloudFront Content Delivery NetworkSRV206 Getting Started with Amazon CloudFront Content Delivery Network
SRV206 Getting Started with Amazon CloudFront Content Delivery NetworkAmazon Web Services
 
AWS re:Invent 2016: Amazon CloudFront Flash Talks: Best Practices on Configur...
AWS re:Invent 2016: Amazon CloudFront Flash Talks: Best Practices on Configur...AWS re:Invent 2016: Amazon CloudFront Flash Talks: Best Practices on Configur...
AWS re:Invent 2016: Amazon CloudFront Flash Talks: Best Practices on Configur...Amazon Web Services
 
Secure Content Delivery Using Amazon CloudFront and AWS WAF
Secure Content Delivery Using Amazon CloudFront and AWS WAFSecure Content Delivery Using Amazon CloudFront and AWS WAF
Secure Content Delivery Using Amazon CloudFront and AWS WAFAmazon Web Services
 
(STG205) Secure Content Delivery Using Amazon CloudFront
(STG205) Secure Content Delivery Using Amazon CloudFront(STG205) Secure Content Delivery Using Amazon CloudFront
(STG205) Secure Content Delivery Using Amazon CloudFrontAmazon Web Services
 
Whole Site Delivery with Amazon CloudFront
Whole Site Delivery with Amazon CloudFrontWhole Site Delivery with Amazon CloudFront
Whole Site Delivery with Amazon CloudFrontAmazon Web Services
 

Recommended

AWS 201 - A Walk through the AWS Cloud: Introduction to Amazon CloudFront
AWS 201 - A Walk through the AWS Cloud: Introduction to Amazon CloudFrontAWS 201 - A Walk through the AWS Cloud: Introduction to Amazon CloudFront
AWS 201 - A Walk through the AWS Cloud: Introduction to Amazon CloudFrontAmazon Web Services
 
AWS Webcast - Best Practices for Content Delivery using Amazon CloudFront
AWS Webcast - Best Practices for Content Delivery using Amazon CloudFrontAWS Webcast - Best Practices for Content Delivery using Amazon CloudFront
AWS Webcast - Best Practices for Content Delivery using Amazon CloudFrontAmazon Web Services
 
Introduction to CloudFront
Introduction to CloudFrontIntroduction to CloudFront
Introduction to CloudFrontAmazon Web Services
 
SRV206 Getting Started with Amazon CloudFront Content Delivery Network
SRV206 Getting Started with Amazon CloudFront Content Delivery NetworkSRV206 Getting Started with Amazon CloudFront Content Delivery Network
SRV206 Getting Started with Amazon CloudFront Content Delivery NetworkAmazon Web Services
 
AWS re:Invent 2016: Amazon CloudFront Flash Talks: Best Practices on Configur...
AWS re:Invent 2016: Amazon CloudFront Flash Talks: Best Practices on Configur...AWS re:Invent 2016: Amazon CloudFront Flash Talks: Best Practices on Configur...
AWS re:Invent 2016: Amazon CloudFront Flash Talks: Best Practices on Configur...Amazon Web Services
 
Secure Content Delivery Using Amazon CloudFront and AWS WAF
Secure Content Delivery Using Amazon CloudFront and AWS WAFSecure Content Delivery Using Amazon CloudFront and AWS WAF
Secure Content Delivery Using Amazon CloudFront and AWS WAFAmazon Web Services
 
(STG205) Secure Content Delivery Using Amazon CloudFront
(STG205) Secure Content Delivery Using Amazon CloudFront(STG205) Secure Content Delivery Using Amazon CloudFront
(STG205) Secure Content Delivery Using Amazon CloudFrontAmazon Web Services
 
Whole Site Delivery with Amazon CloudFront
Whole Site Delivery with Amazon CloudFrontWhole Site Delivery with Amazon CloudFront
Whole Site Delivery with Amazon CloudFrontAmazon Web Services
 
AWS Webinar - Intro to Amazon Cloudfront 13-09-17
AWS Webinar - Intro to Amazon Cloudfront 13-09-17AWS Webinar - Intro to Amazon Cloudfront 13-09-17
AWS Webinar - Intro to Amazon Cloudfront 13-09-17Amazon Web Services
 
AWS re:Invent 2016: Introduction to Amazon CloudFront (CTD205)
AWS re:Invent 2016: Introduction to Amazon CloudFront (CTD205)AWS re:Invent 2016: Introduction to Amazon CloudFront (CTD205)
AWS re:Invent 2016: Introduction to Amazon CloudFront (CTD205)Amazon Web Services
 
AWS re:Invent 2016: Taking DevOps to the AWS Edge (CTD302)
AWS re:Invent 2016: Taking DevOps to the AWS Edge (CTD302)AWS re:Invent 2016: Taking DevOps to the AWS Edge (CTD302)
AWS re:Invent 2016: Taking DevOps to the AWS Edge (CTD302)Amazon Web Services
 
AWS 201 - A Walk through the AWS Cloud: Delivering Static and Dynamic Content...
AWS 201 - A Walk through the AWS Cloud: Delivering Static and Dynamic Content...AWS 201 - A Walk through the AWS Cloud: Delivering Static and Dynamic Content...
AWS 201 - A Walk through the AWS Cloud: Delivering Static and Dynamic Content...Amazon Web Services
 
Build A Website on AWS for Your First 10 Million Users
Build A Website on AWS for Your First 10 Million UsersBuild A Website on AWS for Your First 10 Million Users
Build A Website on AWS for Your First 10 Million UsersAmazon Web Services
 
Get the Most Out of Amazon EC2: A Deep Dive on Reserved, On-Demand, and Spot ...
Get the Most Out of Amazon EC2: A Deep Dive on Reserved, On-Demand, and Spot ...Get the Most Out of Amazon EC2: A Deep Dive on Reserved, On-Demand, and Spot ...
Get the Most Out of Amazon EC2: A Deep Dive on Reserved, On-Demand, and Spot ...Amazon Web Services
 
AWS re:Invent 2016: Stop Managing Email Infrastructure: Move to Amazon WorkMa...
AWS re:Invent 2016: Stop Managing Email Infrastructure: Move to Amazon WorkMa...AWS re:Invent 2016: Stop Managing Email Infrastructure: Move to Amazon WorkMa...
AWS re:Invent 2016: Stop Managing Email Infrastructure: Move to Amazon WorkMa...Amazon Web Services
 
Amazon CloudFront Complete with Blazeclan's Media Solution Stack
Amazon CloudFront Complete with Blazeclan's Media Solution StackAmazon CloudFront Complete with Blazeclan's Media Solution Stack
Amazon CloudFront Complete with Blazeclan's Media Solution StackBlazeclan Technologies Private Limited
 
Deploying a Disaster Recovery Site on AWS: Minimal Cost with Maximum Efficiency
Deploying a Disaster Recovery Site on AWS: Minimal Cost with Maximum EfficiencyDeploying a Disaster Recovery Site on AWS: Minimal Cost with Maximum Efficiency
Deploying a Disaster Recovery Site on AWS: Minimal Cost with Maximum EfficiencyAmazon Web Services
 
Next-Generation Firewall Services VPC Integration
Next-Generation Firewall Services VPC IntegrationNext-Generation Firewall Services VPC Integration
Next-Generation Firewall Services VPC IntegrationAmazon Web Services
 
(CMP401) Elastic Load Balancing Deep Dive and Best Practices
(CMP401) Elastic Load Balancing Deep Dive and Best Practices(CMP401) Elastic Load Balancing Deep Dive and Best Practices
(CMP401) Elastic Load Balancing Deep Dive and Best PracticesAmazon Web Services
 
Hack-Proof Your Cloud: Responding to 2016 Threats
Hack-Proof Your Cloud: Responding to 2016 ThreatsHack-Proof Your Cloud: Responding to 2016 Threats
Hack-Proof Your Cloud: Responding to 2016 ThreatsAmazon Web Services
 
Best practices for content delivery using amazon cloud front
Best practices for content delivery using amazon cloud frontBest practices for content delivery using amazon cloud front
Best practices for content delivery using amazon cloud frontAmazon Web Services
 
AWS APAC Webinar Week - AWS MySQL Relational Database Services Best Practices...
AWS APAC Webinar Week - AWS MySQL Relational Database Services Best Practices...AWS APAC Webinar Week - AWS MySQL Relational Database Services Best Practices...
AWS APAC Webinar Week - AWS MySQL Relational Database Services Best Practices...Amazon Web Services
 
Monitoring in Motion: Monitoring Containers and Amazon ECS
Monitoring in Motion: Monitoring Containers and Amazon ECSMonitoring in Motion: Monitoring Containers and Amazon ECS
Monitoring in Motion: Monitoring Containers and Amazon ECSAmazon Web Services
 
AWS re:Invent 2016: Optimizing Network Performance for Amazon EC2 Instances (...
AWS re:Invent 2016: Optimizing Network Performance for Amazon EC2 Instances (...AWS re:Invent 2016: Optimizing Network Performance for Amazon EC2 Instances (...
AWS re:Invent 2016: Optimizing Network Performance for Amazon EC2 Instances (...Amazon Web Services
 
Amazon EC2:Masterclass
Amazon EC2:MasterclassAmazon EC2:Masterclass
Amazon EC2:MasterclassAmazon Web Services
 
AWS re:Invent 2016: Mitigating DDoS Attacks on AWS: Five Vectors and Four Use...
AWS re:Invent 2016: Mitigating DDoS Attacks on AWS: Five Vectors and Four Use...AWS re:Invent 2016: Mitigating DDoS Attacks on AWS: Five Vectors and Four Use...
AWS re:Invent 2016: Mitigating DDoS Attacks on AWS: Five Vectors and Four Use...Amazon Web Services
 
Scale Your Application while Improving Performance and Lowering Costs (SVC203...
Scale Your Application while Improving Performance and Lowering Costs (SVC203...Scale Your Application while Improving Performance and Lowering Costs (SVC203...
Scale Your Application while Improving Performance and Lowering Costs (SVC203...Amazon Web Services
 
AWS re:Invent 2016: Amazon EC2 Foundations (CMP203)
AWS re:Invent 2016: Amazon EC2 Foundations (CMP203)AWS re:Invent 2016: Amazon EC2 Foundations (CMP203)
AWS re:Invent 2016: Amazon EC2 Foundations (CMP203)Amazon Web Services
 
Secure Content Delivery Using Amazon CloudFront and AWS WAF
Secure Content Delivery Using Amazon CloudFront and AWS WAFSecure Content Delivery Using Amazon CloudFront and AWS WAF
Secure Content Delivery Using Amazon CloudFront and AWS WAFAmazon Web Services
 
Mobile App Performance: Getting the Most from APIs (MBL203) | AWS re:Invent ...
Mobile App Performance: Getting the Most from APIs (MBL203) | AWS re:Invent ...Mobile App Performance: Getting the Most from APIs (MBL203) | AWS re:Invent ...
Mobile App Performance: Getting the Most from APIs (MBL203) | AWS re:Invent ...Amazon Web Services
 

More Related Content

What's hot

AWS Webinar - Intro to Amazon Cloudfront 13-09-17
AWS Webinar - Intro to Amazon Cloudfront 13-09-17AWS Webinar - Intro to Amazon Cloudfront 13-09-17
AWS Webinar - Intro to Amazon Cloudfront 13-09-17Amazon Web Services
 
AWS re:Invent 2016: Introduction to Amazon CloudFront (CTD205)
AWS re:Invent 2016: Introduction to Amazon CloudFront (CTD205)AWS re:Invent 2016: Introduction to Amazon CloudFront (CTD205)
AWS re:Invent 2016: Introduction to Amazon CloudFront (CTD205)Amazon Web Services
 
AWS re:Invent 2016: Taking DevOps to the AWS Edge (CTD302)
AWS re:Invent 2016: Taking DevOps to the AWS Edge (CTD302)AWS re:Invent 2016: Taking DevOps to the AWS Edge (CTD302)
AWS re:Invent 2016: Taking DevOps to the AWS Edge (CTD302)Amazon Web Services
 
AWS 201 - A Walk through the AWS Cloud: Delivering Static and Dynamic Content...
AWS 201 - A Walk through the AWS Cloud: Delivering Static and Dynamic Content...AWS 201 - A Walk through the AWS Cloud: Delivering Static and Dynamic Content...
AWS 201 - A Walk through the AWS Cloud: Delivering Static and Dynamic Content...Amazon Web Services
 
Build A Website on AWS for Your First 10 Million Users
Build A Website on AWS for Your First 10 Million UsersBuild A Website on AWS for Your First 10 Million Users
Build A Website on AWS for Your First 10 Million UsersAmazon Web Services
 
Get the Most Out of Amazon EC2: A Deep Dive on Reserved, On-Demand, and Spot ...
Get the Most Out of Amazon EC2: A Deep Dive on Reserved, On-Demand, and Spot ...Get the Most Out of Amazon EC2: A Deep Dive on Reserved, On-Demand, and Spot ...
Get the Most Out of Amazon EC2: A Deep Dive on Reserved, On-Demand, and Spot ...Amazon Web Services
 
AWS re:Invent 2016: Stop Managing Email Infrastructure: Move to Amazon WorkMa...
AWS re:Invent 2016: Stop Managing Email Infrastructure: Move to Amazon WorkMa...AWS re:Invent 2016: Stop Managing Email Infrastructure: Move to Amazon WorkMa...
AWS re:Invent 2016: Stop Managing Email Infrastructure: Move to Amazon WorkMa...Amazon Web Services
 
Deploying a Disaster Recovery Site on AWS: Minimal Cost with Maximum Efficiency
Deploying a Disaster Recovery Site on AWS: Minimal Cost with Maximum EfficiencyDeploying a Disaster Recovery Site on AWS: Minimal Cost with Maximum Efficiency
Deploying a Disaster Recovery Site on AWS: Minimal Cost with Maximum EfficiencyAmazon Web Services
 
Next-Generation Firewall Services VPC Integration
Next-Generation Firewall Services VPC IntegrationNext-Generation Firewall Services VPC Integration
Next-Generation Firewall Services VPC IntegrationAmazon Web Services
 
(CMP401) Elastic Load Balancing Deep Dive and Best Practices
(CMP401) Elastic Load Balancing Deep Dive and Best Practices(CMP401) Elastic Load Balancing Deep Dive and Best Practices
(CMP401) Elastic Load Balancing Deep Dive and Best PracticesAmazon Web Services
 
Hack-Proof Your Cloud: Responding to 2016 Threats
Hack-Proof Your Cloud: Responding to 2016 ThreatsHack-Proof Your Cloud: Responding to 2016 Threats
Hack-Proof Your Cloud: Responding to 2016 ThreatsAmazon Web Services
 
Best practices for content delivery using amazon cloud front
Best practices for content delivery using amazon cloud frontBest practices for content delivery using amazon cloud front
Best practices for content delivery using amazon cloud frontAmazon Web Services
 
AWS APAC Webinar Week - AWS MySQL Relational Database Services Best Practices...
AWS APAC Webinar Week - AWS MySQL Relational Database Services Best Practices...AWS APAC Webinar Week - AWS MySQL Relational Database Services Best Practices...
AWS APAC Webinar Week - AWS MySQL Relational Database Services Best Practices...Amazon Web Services
 
Monitoring in Motion: Monitoring Containers and Amazon ECS
Monitoring in Motion: Monitoring Containers and Amazon ECSMonitoring in Motion: Monitoring Containers and Amazon ECS
Monitoring in Motion: Monitoring Containers and Amazon ECSAmazon Web Services
 
AWS re:Invent 2016: Optimizing Network Performance for Amazon EC2 Instances (...
AWS re:Invent 2016: Optimizing Network Performance for Amazon EC2 Instances (...AWS re:Invent 2016: Optimizing Network Performance for Amazon EC2 Instances (...
AWS re:Invent 2016: Optimizing Network Performance for Amazon EC2 Instances (...Amazon Web Services
 
AWS re:Invent 2016: Mitigating DDoS Attacks on AWS: Five Vectors and Four Use...
AWS re:Invent 2016: Mitigating DDoS Attacks on AWS: Five Vectors and Four Use...AWS re:Invent 2016: Mitigating DDoS Attacks on AWS: Five Vectors and Four Use...
AWS re:Invent 2016: Mitigating DDoS Attacks on AWS: Five Vectors and Four Use...Amazon Web Services
 
Scale Your Application while Improving Performance and Lowering Costs (SVC203...
Scale Your Application while Improving Performance and Lowering Costs (SVC203...Scale Your Application while Improving Performance and Lowering Costs (SVC203...
Scale Your Application while Improving Performance and Lowering Costs (SVC203...Amazon Web Services
 
AWS re:Invent 2016: Amazon EC2 Foundations (CMP203)
AWS re:Invent 2016: Amazon EC2 Foundations (CMP203)AWS re:Invent 2016: Amazon EC2 Foundations (CMP203)
AWS re:Invent 2016: Amazon EC2 Foundations (CMP203)Amazon Web Services
 

What's hot (20)

AWS Webinar - Intro to Amazon Cloudfront 13-09-17
AWS Webinar - Intro to Amazon Cloudfront 13-09-17AWS Webinar - Intro to Amazon Cloudfront 13-09-17
AWS Webinar - Intro to Amazon Cloudfront 13-09-17
 
AWS re:Invent 2016: Introduction to Amazon CloudFront (CTD205)
AWS re:Invent 2016: Introduction to Amazon CloudFront (CTD205)AWS re:Invent 2016: Introduction to Amazon CloudFront (CTD205)
AWS re:Invent 2016: Introduction to Amazon CloudFront (CTD205)
 
AWS re:Invent 2016: Taking DevOps to the AWS Edge (CTD302)
AWS re:Invent 2016: Taking DevOps to the AWS Edge (CTD302)AWS re:Invent 2016: Taking DevOps to the AWS Edge (CTD302)
AWS re:Invent 2016: Taking DevOps to the AWS Edge (CTD302)
 
AWS 201 - A Walk through the AWS Cloud: Delivering Static and Dynamic Content...
AWS 201 - A Walk through the AWS Cloud: Delivering Static and Dynamic Content...AWS 201 - A Walk through the AWS Cloud: Delivering Static and Dynamic Content...
AWS 201 - A Walk through the AWS Cloud: Delivering Static and Dynamic Content...
 
Build A Website on AWS for Your First 10 Million Users
Build A Website on AWS for Your First 10 Million UsersBuild A Website on AWS for Your First 10 Million Users
Build A Website on AWS for Your First 10 Million Users
 
Get the Most Out of Amazon EC2: A Deep Dive on Reserved, On-Demand, and Spot ...
Get the Most Out of Amazon EC2: A Deep Dive on Reserved, On-Demand, and Spot ...Get the Most Out of Amazon EC2: A Deep Dive on Reserved, On-Demand, and Spot ...
Get the Most Out of Amazon EC2: A Deep Dive on Reserved, On-Demand, and Spot ...
 
AWS re:Invent 2016: Stop Managing Email Infrastructure: Move to Amazon WorkMa...
AWS re:Invent 2016: Stop Managing Email Infrastructure: Move to Amazon WorkMa...AWS re:Invent 2016: Stop Managing Email Infrastructure: Move to Amazon WorkMa...
AWS re:Invent 2016: Stop Managing Email Infrastructure: Move to Amazon WorkMa...
 
Amazon CloudFront Complete with Blazeclan's Media Solution Stack
Amazon CloudFront Complete with Blazeclan's Media Solution StackAmazon CloudFront Complete with Blazeclan's Media Solution Stack
Amazon CloudFront Complete with Blazeclan's Media Solution Stack
 
Deploying a Disaster Recovery Site on AWS: Minimal Cost with Maximum Efficiency
Deploying a Disaster Recovery Site on AWS: Minimal Cost with Maximum EfficiencyDeploying a Disaster Recovery Site on AWS: Minimal Cost with Maximum Efficiency
Deploying a Disaster Recovery Site on AWS: Minimal Cost with Maximum Efficiency
 
Next-Generation Firewall Services VPC Integration
Next-Generation Firewall Services VPC IntegrationNext-Generation Firewall Services VPC Integration
Next-Generation Firewall Services VPC Integration
 
(CMP401) Elastic Load Balancing Deep Dive and Best Practices
(CMP401) Elastic Load Balancing Deep Dive and Best Practices(CMP401) Elastic Load Balancing Deep Dive and Best Practices
(CMP401) Elastic Load Balancing Deep Dive and Best Practices
 
Hack-Proof Your Cloud: Responding to 2016 Threats
Hack-Proof Your Cloud: Responding to 2016 ThreatsHack-Proof Your Cloud: Responding to 2016 Threats
Hack-Proof Your Cloud: Responding to 2016 Threats
 
Best practices for content delivery using amazon cloud front
Best practices for content delivery using amazon cloud frontBest practices for content delivery using amazon cloud front
Best practices for content delivery using amazon cloud front
 
AWS APAC Webinar Week - AWS MySQL Relational Database Services Best Practices...
AWS APAC Webinar Week - AWS MySQL Relational Database Services Best Practices...AWS APAC Webinar Week - AWS MySQL Relational Database Services Best Practices...
AWS APAC Webinar Week - AWS MySQL Relational Database Services Best Practices...
 
Monitoring in Motion: Monitoring Containers and Amazon ECS
Monitoring in Motion: Monitoring Containers and Amazon ECSMonitoring in Motion: Monitoring Containers and Amazon ECS
Monitoring in Motion: Monitoring Containers and Amazon ECS
 
AWS re:Invent 2016: Optimizing Network Performance for Amazon EC2 Instances (...
AWS re:Invent 2016: Optimizing Network Performance for Amazon EC2 Instances (...AWS re:Invent 2016: Optimizing Network Performance for Amazon EC2 Instances (...
AWS re:Invent 2016: Optimizing Network Performance for Amazon EC2 Instances (...
 
Amazon EC2:Masterclass
Amazon EC2:MasterclassAmazon EC2:Masterclass
Amazon EC2:Masterclass
 
AWS re:Invent 2016: Mitigating DDoS Attacks on AWS: Five Vectors and Four Use...
AWS re:Invent 2016: Mitigating DDoS Attacks on AWS: Five Vectors and Four Use...AWS re:Invent 2016: Mitigating DDoS Attacks on AWS: Five Vectors and Four Use...
AWS re:Invent 2016: Mitigating DDoS Attacks on AWS: Five Vectors and Four Use...
 
Scale Your Application while Improving Performance and Lowering Costs (SVC203...
Scale Your Application while Improving Performance and Lowering Costs (SVC203...Scale Your Application while Improving Performance and Lowering Costs (SVC203...
Scale Your Application while Improving Performance and Lowering Costs (SVC203...
 
AWS re:Invent 2016: Amazon EC2 Foundations (CMP203)
AWS re:Invent 2016: Amazon EC2 Foundations (CMP203)AWS re:Invent 2016: Amazon EC2 Foundations (CMP203)
AWS re:Invent 2016: Amazon EC2 Foundations (CMP203)
 

Viewers also liked

Secure Content Delivery Using Amazon CloudFront and AWS WAF
Secure Content Delivery Using Amazon CloudFront and AWS WAFSecure Content Delivery Using Amazon CloudFront and AWS WAF
Secure Content Delivery Using Amazon CloudFront and AWS WAFAmazon Web Services
 
Mobile App Performance: Getting the Most from APIs (MBL203) | AWS re:Invent ...
Mobile App Performance: Getting the Most from APIs (MBL203) | AWS re:Invent ...Mobile App Performance: Getting the Most from APIs (MBL203) | AWS re:Invent ...
Mobile App Performance: Getting the Most from APIs (MBL203) | AWS re:Invent ...Amazon Web Services
 
Data Storage for the Long Haul: Compliance and Archive
Data Storage for the Long Haul: Compliance and ArchiveData Storage for the Long Haul: Compliance and Archive
Data Storage for the Long Haul: Compliance and ArchiveAmazon Web Services
 
Encryption and Key Management in AWS
Encryption and Key Management in AWSEncryption and Key Management in AWS
Encryption and Key Management in AWSAmazon Web Services
 
Hybrid Infrastructure Integration
Hybrid Infrastructure IntegrationHybrid Infrastructure Integration
Hybrid Infrastructure IntegrationAmazon Web Services
 
Scaling by Design: AWS Web Services Patterns
Scaling by Design: AWS Web Services PatternsScaling by Design: AWS Web Services Patterns
Scaling by Design: AWS Web Services PatternsAmazon Web Services
 
AWS March 2016 Webinar Series Getting Started with Serverless Architectures
AWS March 2016 Webinar Series Getting Started with Serverless ArchitecturesAWS March 2016 Webinar Series Getting Started with Serverless Architectures
AWS March 2016 Webinar Series Getting Started with Serverless ArchitecturesAmazon Web Services
 
AWS APAC Webinar Week - Understanding AWS Storage Options
AWS APAC Webinar Week - Understanding AWS Storage OptionsAWS APAC Webinar Week - Understanding AWS Storage Options
AWS APAC Webinar Week - Understanding AWS Storage OptionsAmazon Web Services
 
The Pace of Innovation - Pop-up Loft Tel Aviv
The Pace of Innovation - Pop-up Loft Tel AvivThe Pace of Innovation - Pop-up Loft Tel Aviv
The Pace of Innovation - Pop-up Loft Tel AvivAmazon Web Services
 
AWS Mobile Services & SDK Introduction & Demo
AWS Mobile Services & SDK Introduction & DemoAWS Mobile Services & SDK Introduction & Demo
AWS Mobile Services & SDK Introduction & DemoAmazon Web Services
 
(NET307) Pinterest: The road from EC2-Classic To EC2-VPC
(NET307) Pinterest: The road from EC2-Classic To EC2-VPC(NET307) Pinterest: The road from EC2-Classic To EC2-VPC
(NET307) Pinterest: The road from EC2-Classic To EC2-VPCAmazon Web Services
 
Workshop: AWS Lamda Signal Corps vs Zombies
Workshop: AWS Lamda Signal Corps vs ZombiesWorkshop: AWS Lamda Signal Corps vs Zombies
Workshop: AWS Lamda Signal Corps vs ZombiesAmazon Web Services
 
Compute Without Servers – Building Applications with AWS Lambda - Technical 301
Compute Without Servers – Building Applications with AWS Lambda - Technical 301Compute Without Servers – Building Applications with AWS Lambda - Technical 301
Compute Without Servers – Building Applications with AWS Lambda - Technical 301Amazon Web Services
 
(DEV204) Building High-Performance Native Cloud Apps In C++
(DEV204) Building High-Performance Native Cloud Apps In C++(DEV204) Building High-Performance Native Cloud Apps In C++
(DEV204) Building High-Performance Native Cloud Apps In C++Amazon Web Services
 
Security Day IAM Recommended Practices
Security Day IAM Recommended PracticesSecurity Day IAM Recommended Practices
Security Day IAM Recommended PracticesAmazon Web Services
 
Ansible on aws - Pop-up Loft Tel Aviv
Ansible on aws - Pop-up Loft Tel AvivAnsible on aws - Pop-up Loft Tel Aviv
Ansible on aws - Pop-up Loft Tel AvivAmazon Web Services
 
Grid Computing for Financial Services
Grid Computing for Financial ServicesGrid Computing for Financial Services
Grid Computing for Financial ServicesAmazon Web Services
 

Viewers also liked (20)

Secure Content Delivery Using Amazon CloudFront and AWS WAF
Secure Content Delivery Using Amazon CloudFront and AWS WAFSecure Content Delivery Using Amazon CloudFront and AWS WAF
Secure Content Delivery Using Amazon CloudFront and AWS WAF
 
Mobile App Performance: Getting the Most from APIs (MBL203) | AWS re:Invent ...
Mobile App Performance: Getting the Most from APIs (MBL203) | AWS re:Invent ...Mobile App Performance: Getting the Most from APIs (MBL203) | AWS re:Invent ...
Mobile App Performance: Getting the Most from APIs (MBL203) | AWS re:Invent ...
 
Data Storage for the Long Haul: Compliance and Archive
Data Storage for the Long Haul: Compliance and ArchiveData Storage for the Long Haul: Compliance and Archive
Data Storage for the Long Haul: Compliance and Archive
 
Encryption and Key Management in AWS
Encryption and Key Management in AWSEncryption and Key Management in AWS
Encryption and Key Management in AWS
 
Agile BI - Pop-up Loft Tel Aviv
Agile BI - Pop-up Loft Tel AvivAgile BI - Pop-up Loft Tel Aviv
Agile BI - Pop-up Loft Tel Aviv
 
Hybrid Infrastructure Integration
Hybrid Infrastructure IntegrationHybrid Infrastructure Integration
Hybrid Infrastructure Integration
 
Scaling by Design: AWS Web Services Patterns
Scaling by Design: AWS Web Services PatternsScaling by Design: AWS Web Services Patterns
Scaling by Design: AWS Web Services Patterns
 
AWS March 2016 Webinar Series Getting Started with Serverless Architectures
AWS March 2016 Webinar Series Getting Started with Serverless ArchitecturesAWS March 2016 Webinar Series Getting Started with Serverless Architectures
AWS March 2016 Webinar Series Getting Started with Serverless Architectures
 
AWS APAC Webinar Week - Understanding AWS Storage Options
AWS APAC Webinar Week - Understanding AWS Storage OptionsAWS APAC Webinar Week - Understanding AWS Storage Options
AWS APAC Webinar Week - Understanding AWS Storage Options
 
The Pace of Innovation - Pop-up Loft Tel Aviv
The Pace of Innovation - Pop-up Loft Tel AvivThe Pace of Innovation - Pop-up Loft Tel Aviv
The Pace of Innovation - Pop-up Loft Tel Aviv
 
AWS Mobile Services & SDK Introduction & Demo
AWS Mobile Services & SDK Introduction & DemoAWS Mobile Services & SDK Introduction & Demo
AWS Mobile Services & SDK Introduction & Demo
 
Deep Dive: Hybrid Architectures
Deep Dive: Hybrid ArchitecturesDeep Dive: Hybrid Architectures
Deep Dive: Hybrid Architectures
 
(NET307) Pinterest: The road from EC2-Classic To EC2-VPC
(NET307) Pinterest: The road from EC2-Classic To EC2-VPC(NET307) Pinterest: The road from EC2-Classic To EC2-VPC
(NET307) Pinterest: The road from EC2-Classic To EC2-VPC
 
Workshop: AWS Lamda Signal Corps vs Zombies
Workshop: AWS Lamda Signal Corps vs ZombiesWorkshop: AWS Lamda Signal Corps vs Zombies
Workshop: AWS Lamda Signal Corps vs Zombies
 
Compute Without Servers – Building Applications with AWS Lambda - Technical 301
Compute Without Servers – Building Applications with AWS Lambda - Technical 301Compute Without Servers – Building Applications with AWS Lambda - Technical 301
Compute Without Servers – Building Applications with AWS Lambda - Technical 301
 
(DEV204) Building High-Performance Native Cloud Apps In C++
(DEV204) Building High-Performance Native Cloud Apps In C++(DEV204) Building High-Performance Native Cloud Apps In C++
(DEV204) Building High-Performance Native Cloud Apps In C++
 
Security Day IAM Recommended Practices
Security Day IAM Recommended PracticesSecurity Day IAM Recommended Practices
Security Day IAM Recommended Practices
 
Ansible on aws - Pop-up Loft Tel Aviv
Ansible on aws - Pop-up Loft Tel AvivAnsible on aws - Pop-up Loft Tel Aviv
Ansible on aws - Pop-up Loft Tel Aviv
 
My First Big Data Application
My First Big Data ApplicationMy First Big Data Application
My First Big Data Application
 
Grid Computing for Financial Services
Grid Computing for Financial ServicesGrid Computing for Financial Services
Grid Computing for Financial Services
 

Similar to (STG206) Using Amazon CloudFront For Your Websites & Apps

透過Amazon CloudFront 和AWS WAF來執行安全的內容傳輸
透過Amazon CloudFront 和AWS WAF來執行安全的內容傳輸透過Amazon CloudFront 和AWS WAF來執行安全的內容傳輸
透過Amazon CloudFront 和AWS WAF來執行安全的內容傳輸Amazon Web Services
 
CTD301_Amazon CloudFront Flash Talks
CTD301_Amazon CloudFront Flash TalksCTD301_Amazon CloudFront Flash Talks
CTD301_Amazon CloudFront Flash TalksAmazon Web Services
 
Amazon CloudFront Flash Talks: Best Practices on Configuring, Securing, Custo...
Amazon CloudFront Flash Talks: Best Practices on Configuring, Securing, Custo...Amazon CloudFront Flash Talks: Best Practices on Configuring, Securing, Custo...
Amazon CloudFront Flash Talks: Best Practices on Configuring, Securing, Custo...Amazon Web Services
 
Being Well Architected in the Cloud (Updated)
Being Well Architected in the Cloud (Updated)Being Well Architected in the Cloud (Updated)
Being Well Architected in the Cloud (Updated)Adrian Hornsby
 
Being Well-Architected in the Cloud
Being Well-Architected in the CloudBeing Well-Architected in the Cloud
Being Well-Architected in the CloudAmazon Web Services
 
Secure Content Delivery Using Amazon CloudFront and AWS WAF
Secure Content Delivery Using Amazon CloudFront and AWS WAFSecure Content Delivery Using Amazon CloudFront and AWS WAF
Secure Content Delivery Using Amazon CloudFront and AWS WAFAmazon Web Services
 
Your First Hour on AWS: Building the Foundation for Large Scale AWS Adoption ...
Your First Hour on AWS: Building the Foundation for Large Scale AWS Adoption ...Your First Hour on AWS: Building the Foundation for Large Scale AWS Adoption ...
Your First Hour on AWS: Building the Foundation for Large Scale AWS Adoption ...Amazon Web Services
 
AWS Summit Auckland 2014 | Understanding AWS Security
AWS Summit Auckland 2014 | Understanding AWS Security AWS Summit Auckland 2014 | Understanding AWS Security
AWS Summit Auckland 2014 | Understanding AWS Security Amazon Web Services
 
Journey Through the Cloud - Digital Media
Journey Through the Cloud - Digital MediaJourney Through the Cloud - Digital Media
Journey Through the Cloud - Digital MediaAmazon Web Services
 
Securing Media Content and Applications in the Cloud (MED401) | AWS re:Invent...
Securing Media Content and Applications in the Cloud (MED401) | AWS re:Invent...Securing Media Content and Applications in the Cloud (MED401) | AWS re:Invent...
Securing Media Content and Applications in the Cloud (MED401) | AWS re:Invent...Amazon Web Services
 
Secure Content Delivery Using Amazon CloudFront
Secure Content Delivery Using Amazon CloudFrontSecure Content Delivery Using Amazon CloudFront
Secure Content Delivery Using Amazon CloudFrontAmazon Web Services
 
Hackproof Your Cloud – Responding to 2016 Threats
Hackproof Your Cloud – Responding to 2016 ThreatsHackproof Your Cloud – Responding to 2016 Threats
Hackproof Your Cloud – Responding to 2016 ThreatsAmazon Web Services
 
AWS Security Best Practices (March 2017)
AWS Security Best Practices (March 2017)AWS Security Best Practices (March 2017)
AWS Security Best Practices (March 2017)Julien SIMON
 
Security best practices on AWS - Pop-up Loft TLV 2017
Security best practices on AWS - Pop-up Loft TLV 2017Security best practices on AWS - Pop-up Loft TLV 2017
Security best practices on AWS - Pop-up Loft TLV 2017Amazon Web Services
 
Hackproof Your Gov Cloud: Mitigating Risks for 2017 and Beyond | AWS Public S...
Hackproof Your Gov Cloud: Mitigating Risks for 2017 and Beyond | AWS Public S...Hackproof Your Gov Cloud: Mitigating Risks for 2017 and Beyond | AWS Public S...
Hackproof Your Gov Cloud: Mitigating Risks for 2017 and Beyond | AWS Public S...Amazon Web Services
 
Network Security and Access Control within AWS
Network Security and Access Control within AWS Network Security and Access Control within AWS
Network Security and Access Control within AWS Amazon Web Services
 
Being Well Architected in the Cloud
Being Well Architected in the CloudBeing Well Architected in the Cloud
Being Well Architected in the CloudAdrian Hornsby
 
re:Invent recap session 2: Being well Architected in the cloud
re:Invent recap session 2: Being well Architected in the cloudre:Invent recap session 2: Being well Architected in the cloud
re:Invent recap session 2: Being well Architected in the cloudAmazon Web Services
 
Introducing “Well-Architected” For Developers - Technical 101
Introducing “Well-Architected” For Developers - Technical 101Introducing “Well-Architected” For Developers - Technical 101
Introducing “Well-Architected” For Developers - Technical 101Amazon Web Services
 

Similar to (STG206) Using Amazon CloudFront For Your Websites & Apps (20)

透過Amazon CloudFront 和AWS WAF來執行安全的內容傳輸
透過Amazon CloudFront 和AWS WAF來執行安全的內容傳輸透過Amazon CloudFront 和AWS WAF來執行安全的內容傳輸
透過Amazon CloudFront 和AWS WAF來執行安全的內容傳輸
 
CTD301_Amazon CloudFront Flash Talks
CTD301_Amazon CloudFront Flash TalksCTD301_Amazon CloudFront Flash Talks
CTD301_Amazon CloudFront Flash Talks
 
Amazon CloudFront Flash Talks: Best Practices on Configuring, Securing, Custo...
Amazon CloudFront Flash Talks: Best Practices on Configuring, Securing, Custo...Amazon CloudFront Flash Talks: Best Practices on Configuring, Securing, Custo...
Amazon CloudFront Flash Talks: Best Practices on Configuring, Securing, Custo...
 
Being Well Architected in the Cloud (Updated)
Being Well Architected in the Cloud (Updated)Being Well Architected in the Cloud (Updated)
Being Well Architected in the Cloud (Updated)
 
Being Well-Architected in the Cloud
Being Well-Architected in the CloudBeing Well-Architected in the Cloud
Being Well-Architected in the Cloud
 
Secure Content Delivery Using Amazon CloudFront and AWS WAF
Secure Content Delivery Using Amazon CloudFront and AWS WAFSecure Content Delivery Using Amazon CloudFront and AWS WAF
Secure Content Delivery Using Amazon CloudFront and AWS WAF
 
Deep Dive on Amazon S3
Deep Dive on Amazon S3Deep Dive on Amazon S3
Deep Dive on Amazon S3
 
Your First Hour on AWS: Building the Foundation for Large Scale AWS Adoption ...
Your First Hour on AWS: Building the Foundation for Large Scale AWS Adoption ...Your First Hour on AWS: Building the Foundation for Large Scale AWS Adoption ...
Your First Hour on AWS: Building the Foundation for Large Scale AWS Adoption ...
 
AWS Summit Auckland 2014 | Understanding AWS Security
AWS Summit Auckland 2014 | Understanding AWS Security AWS Summit Auckland 2014 | Understanding AWS Security
AWS Summit Auckland 2014 | Understanding AWS Security
 
Journey Through the Cloud - Digital Media
Journey Through the Cloud - Digital MediaJourney Through the Cloud - Digital Media
Journey Through the Cloud - Digital Media
 
Securing Media Content and Applications in the Cloud (MED401) | AWS re:Invent...
Securing Media Content and Applications in the Cloud (MED401) | AWS re:Invent...Securing Media Content and Applications in the Cloud (MED401) | AWS re:Invent...
Securing Media Content and Applications in the Cloud (MED401) | AWS re:Invent...
 
Secure Content Delivery Using Amazon CloudFront
Secure Content Delivery Using Amazon CloudFrontSecure Content Delivery Using Amazon CloudFront
Secure Content Delivery Using Amazon CloudFront
 
Hackproof Your Cloud – Responding to 2016 Threats
Hackproof Your Cloud – Responding to 2016 ThreatsHackproof Your Cloud – Responding to 2016 Threats
Hackproof Your Cloud – Responding to 2016 Threats
 
AWS Security Best Practices (March 2017)
AWS Security Best Practices (March 2017)AWS Security Best Practices (March 2017)
AWS Security Best Practices (March 2017)
 
Security best practices on AWS - Pop-up Loft TLV 2017
Security best practices on AWS - Pop-up Loft TLV 2017Security best practices on AWS - Pop-up Loft TLV 2017
Security best practices on AWS - Pop-up Loft TLV 2017
 
Hackproof Your Gov Cloud: Mitigating Risks for 2017 and Beyond | AWS Public S...
Hackproof Your Gov Cloud: Mitigating Risks for 2017 and Beyond | AWS Public S...Hackproof Your Gov Cloud: Mitigating Risks for 2017 and Beyond | AWS Public S...
Hackproof Your Gov Cloud: Mitigating Risks for 2017 and Beyond | AWS Public S...
 
Network Security and Access Control within AWS
Network Security and Access Control within AWS Network Security and Access Control within AWS
Network Security and Access Control within AWS
 
Being Well Architected in the Cloud
Being Well Architected in the CloudBeing Well Architected in the Cloud
Being Well Architected in the Cloud
 
re:Invent recap session 2: Being well Architected in the cloud
re:Invent recap session 2: Being well Architected in the cloudre:Invent recap session 2: Being well Architected in the cloud
re:Invent recap session 2: Being well Architected in the cloud
 
Introducing “Well-Architected” For Developers - Technical 101
Introducing “Well-Architected” For Developers - Technical 101Introducing “Well-Architected” For Developers - Technical 101
Introducing “Well-Architected” For Developers - Technical 101
 

More from Amazon Web Services

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Amazon Web Services
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Amazon Web Services
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateAmazon Web Services
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSAmazon Web Services
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareAmazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAmazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWSAmazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckAmazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 

More from Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

Recently uploaded

EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWERMadyBayot
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024The Digital Insurer
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsNanddeep Nachan
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native ApplicationsWSO2
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Jeffrey Haguewood
 

Recently uploaded (20)

EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 

(STG206) Using Amazon CloudFront For Your Websites & Apps

  • 1. © 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Alex Dunlap GM, Amazon CloudFront Jarrod Guthrie Sr. Product Manager, Amazon CloudFront Calin Nemes Sr. Support Engineer, Amazon CloudFront Matthew Baldwin Sr. Software Development Engineer, Amazon CloudFront October 2015 Using Amazon CloudFront to Improve Performance, Availability and Cacheability STG206
  • 2. What to expect from the session • Best practices for setting up your origin • Gaining visibility into your distribution • How to improve cacheability • How to test your configuration
  • 3. Best practices for setting up your origin
  • 4. Following origin best practices can give you… Easier debugging Better performance Higher availability
  • 5. Five best practices 1. Use Amazon Route 53 health checks and DNS failover 2. Configure multiple origins 3. Secure your origin 4. Log request IDs 5. Set origin response headers
  • 6. Failover Only return answers for resources that are healthy and reachable from the outside world, so that your end users are routed away from a failed or unhealthy part of your application Health Checks Automated requests sent over the Internet to your application to verify that your application is reachable, available, and functional + Amazon Route 53 health checks and DNS failover
  • 7. Use Route 53 to improve availability & performance
  • 8. Use Route 53 to improve availability & performance
  • 9. Use Route 53 to improve availability & performance
  • 10. Use Route 53 to improve availability & performance
  • 11. Use Route 53 to improve availability & performance eu-west-1
  • 12. Configure multiple origins Elastic Load Balancing Dynamic content Amazon EC2 Static content Amazon S3 * (default) /error/* /assets/* Amazon CloudFront example.com
  • 13. Access control: Restricting origin access Amazon S3 Origin Access Identify (OAI) • Prevents direct access to your Amazon S3 bucket • Ensure performance benefits to all customers Custom origin Block by IP address • Whitelist only the Amazon CloudFront IP Range • Protects origin from overload • Ensure performance benefits to all customers
  • 14. Object Access Identity (OAI) • Ensure only Amazon CloudFront can access Amazon S3 bucket • We make it simple for you Amazon CloudFront Region Amazon S3 bucket Custom origin
  • 15. Object Access Identity (OAI) • Ensure only Amazon CloudFront can access Amazon S3 bucket • We make it simple for you Amazon CloudFront Region Amazon S3 bucket Custom origin
  • 16. Shield custom origin • Shield your custom origin • Whitelist Amazon CloudFront IP range Amazon CloudFront Region Amazon S3 bucket Custom Origin
  • 17. Shield custom origin • Shield your custom origin • Whitelist Amazon CloudFront IP range Amazon CloudFront Region Amazon S3 bucket Custom origin
  • 18. Shield custom origin • Subscribe to Amazon SNS notifications on changes to IP ranges • Automatically update security groups AWS Lambda Amazon CloudFront Amazon SNS Security group Web app server Web app server AWS IP ranges Update IP range SNS message
  • 19. Log Amazon CloudFront request IDs at origin Nginx: log_format main '$remote_addr - $remote_user [$time_local] "$request" ‘ '$status $body_bytes_sent "$http_referer" ‘ '"$http_user_agent" http_x_forwarded_for" "$http_x_amz_cf_id"'; Apache: LogFormat "%h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i" "%{X-Amz-Cf-Id}i"" combined
  • 20. Set origin response headers *Strict-Transport-Security: max-age=15552000; *X-Frame-Options: SAMEORIGIN *X-XSS-Protection: 1; mode=block Options *Cache-Control: max-age=300; public
  • 21. Demo
  • 22. Key takeaways • Use Amazon Route53’s health checks and DNS failover • Improve security by setting headers at your origin • Enable logging • Serve your static assets on Amazon S3 • Serve error pages from Amazon S3
  • 23. Gaining visibility into your distribution
  • 24. Visibility into your distribution Four different ways to get visibility: • AWS CloudTrail – for monitoring distribution config changes • Near real-time metrics – Provided by Amazon CloudFront • Amazon CloudFront reports – for analytics • Amazon CloudWatch Logs – for custom monitoring
  • 25. Monitor distribution config changes • Monitor changes to distribution configuration using AWS CloudTrail • Get alarms when: • Distribution is disabled • Trusted signers are disabled • Custom TLS certificate changes
  • 26. Amazon CloudFront near real-time metrics • Provided in near real-time • Via Amazon CloudWatch • Alarm on 6 metrics: • Requests • Bytes downloaded • Bytes uploaded • 4XX error rate • 5XX error rate • Total error rate
  • 27. Amazon CloudFront reports to identify trends • Cache hit/miss • Incomplete downloads • Top countries • Mobile users • Popular objects
  • 28. Generate custom metrics • Amazon CloudFront access logs • Delivered via Amazon Kinesis to Amazon S3 buckets • Typically within an hour of an event happening Edge location Amazon S3 Edge location Edge location
  • 29. Generate custom metrics • Upload logs to Amazon CloudWatch using AWS Lambda Amazon CloudFront Amazon S3 AWS Lambda Amazon CloudWatch Alarm Keywords e.g. Bots Granular Response Code e.g. 4XX Request to certain URLs TLS versions
  • 30. Demo
  • 31. Key takeaways • Enable AWS CloudTrail • Monitor your Amazon CloudFront reports • Create alarms • Subscribe to Amazon CloudFront access logs • Push logs to Amazon CloudWatch
  • 32. How to improve cacheability
  • 33. Improving cacheability of your objects • Versioning website assets • Cache headers • Shared distribution • Forwarded values • Path prefix invalidations
  • 35. Cache-Control & expires < Cache-Control: max-age=300 < Cache-Control: max-age=30, s-maxage=3000 < Expires: Thu, 18 Sep 2025 21:34:50 GMT Min TTL Default TTL Max TTL Set min, max and default TTL on Amazon CloudFront
  • 36. Cache-Control & expires *.css, *.js or Images Cache-Control: public; max- age=31536000 index.html Cache-Control: no-cache=Set- Cookie; max- age=30 Live streaming /*.m3u8 => Cache- Control: public; max-age=2
  • 37. Shared distributions • Shared assets across multiple properties Static content Amazon S3 Amazon CloudFront assets.example.com www.example.com www.example.org
  • 38. Forwarded values • Check forwarded headers • Query string forwarding • Cookie forwarding • Trusted Advisor checks
  • 39. Invalidations • Last resort • Only applies to Amazon CloudFront cache, not browsers or intermediary caches
  • 40. Demo
  • 41. Key takeaways • Use versioning • Use multiple cache behaviors • Forward only required headers • Use invalidations as last resort
  • 42. How to test your configuration
  • 43. Test your configuration • Test in development mode • Ensure content is cached correctly • Performance testing • Load testing • Test SSL configuration
  • 44. Turn on development mode • Set maximum TTL to 0 • Without need to constantly invalidate! • Forwarding all headers changes behavior • Whitelist your IP using AWS WAF so only accessible from corporate network • Signed cookies
  • 45. Ensure content is cached correctly Check cache/hit miss ratio of distribution on reports Developer console on Chrome or Firefox • Age header • X-Cache • Cache-Control headers • HSTS headers
  • 46. Performance testing Backbone testing Last mile testing Real user testing
  • 47. Load testing Traditional load testing • Use one client • From a single region • Hits single IP DNS load balancing  Simulate real user environment  Ideal load testing • Clients from multiple locations • Independent DNS requests • Distribute across IPs DNS load balancing  Simulate real user environment 
  • 48. SSL labs • Verify your SSL config
  • 49. Demo
  • 50. Key takeaways • Switch off caching during development mode • Use RUM for performance testing • If you load test - test from multiple locations
  • 53. Related Sessions SEC323: Securing Web Applications with AWS WAF Friday, Oct 9 at 9:00 AM – 10:00 AM Lando 4301B