In Amazon CloudFront, a lot happens in just a few milliseconds. Come dive deep into the infrastructure and architecture of AWS’ Edge services including CloudFront, Route 53, Shield and WAF. We’ll breakdown the life of an HTTP request (and any request in general) and walk you through how each of AWS’ Edge services work together in just a few milliseconds to consistently deliver your application’s content with high availability, security, and performance. You will earn how Edge services intelligently route requests to the most ideal Edge location, secure your content behind the scenes, and leverage AWS’ private network for improved performance.

1. S U M M I T
Lo n don

2. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T
A few milliseconds in the life of an
HTTP request
Chanka Perera
Solutions Architect, Media,
Entertainments and Telco
N E T 0 0 2
Fabrizio Fortunato
Lead frontend developer
Ryanair Labs

3. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T
Agenda
Overview
Request flow inside Amazon CloudFront
Layer 1 – Viewer facing layer
Layer 2 – Caching layer
Layer 3 – Origin facing layer
Ryanair – Flying in the Cloud

4. S U M M I T © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

5. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T 166 PoPs worldwide

6. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T
In Europe
Edge locations:
Amsterdam, The Netherlands (2);
Berlin, Germany (2); Copenhagen, Denmark;
Dublin, Ireland; Frankfurt, Germany (8);
Helsinki, Finland; London (9); Madrid, Spain (2);
Manchester; Marseille, France;
Milan, Italy; Munich (2); Oslo, Norway; Palermo,
Italy; Paris, France (5);
Prague, Czech Republic;
Stockholm, Sweden (3);
Vienna, Austria;
Warsaw, Poland;
Zurich, Switzerland
Regional Edge caches:
Frankfurt, Germany; London, England

7. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

8. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T
d1886tp5fhflpy.cloudfront.net?
CloudFront DNS
CloudFront POP
Http request lifecycle

9. S U M M I T © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

10. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T
DNS lookup
Resolver
POP
Performance
Server Capacity
POP Health
Network Capacity
• AWS re:Invent 2017: Measuring the Internet in Real Time
(CTD406 https://www.youtube.com/watch?v=54kPAADonqA)

11. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T
DDoS protection
AWS Shield Only HTTP/HTTPS
SYN proxy
Suspicion-based traffic shaping

12. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T
POP architecture (1/2)

13. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T
POP architecture (2/2)
￫ Infrequent ￫ Dynamic ￫ Dynamic & frequent

14. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T
Regional Edge Caches architecture
￫ Dynamic

15. S U M M I T © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

16. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T
TCP/TLS acceleration

17. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T
AWS WAF
Security
Automations
Managed Rules
for AWS WAF
Multiple Rule
Condition Types
Combine and
build hierarchy
Actions : Allow /
Block / Count
CloudWatch
Metrics
Sampled Web
Requests
Full Logs
Lambda
Automations
AWS Firewall
Manager

18. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T
AWS WAF

19. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T
Viewer events for Lambda@Edge
Session-Id
valid?
Signed-In Users

20. S U M M I T © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

21. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T
Maximizing Cache Hit Ratio
Consistent hashing
Regional Edge Caches
Response streaming
Request collapsing

22. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T
Performance - Collapse Forwarding
Collapse

23. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T
Cache control strategy
Cache-Control: no-store
Disable caching on CloudFront
(Forward all headers)
/api/cart
Cache-Control: no-cache
ETag: “fsd435fsd3dfgkjhgff”
Set MinTTL on distribution
/
Cache-Control: max-age=31536000
ETag: “fsd435fsd3dfgkjhgff”
URL versioning
/image.jpg

24. S U M M I T © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

25. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T
Connection to origin

26. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T
Origin Failover

27. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T
Persistent connections

28. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T
Availability - When things go wrong…

29. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

30. S U M M I T © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

31. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T
Key Takeaways
• Feedback loops
• Modular and layered architecture
• Let your customer innovate
• Make security invisible
• Treat content differently

32. Thank you!
S U M M I T © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Fabrizio Fortunato
Lead frontend developer
Ryanair
Chanka Perera
Solutions Architect, Media,
Entertainments and Telco

33. S U M M I T © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.