This document provides best practices for content delivery using Amazon CloudFront. It discusses optimizing delivery of static assets, dynamic content, and streaming media through techniques like caching, custom error pages, health checks, security configurations, and analytics. Specific recommendations include using S3 for static assets, controlling access, caching at multiple layers, versioning objects, caching dynamic content, setting streaming media TTLs, monitoring, and using reports to personalize content.
In this session, we cover all options for running containers on AWS. This includes an introduction of container concepts and an overview of the different services: Amazon Elastic Container Service, AWS Fargate, and Amazon Elastic Container Service for Kubernetes. We also cover best practices for how to choose the right orchestration platform for your workload, the different tools for making this process easier, and ways to find more information and support as you work.
In this deck from HPCKP'19, Karl Schultz from TACC presents: OpenHPC: Community Building Blocks for HPC Systems.
"Over the last several years, OpenHPC has emerged as a community-driven stack providing a variety of common, pre-built ingredients to deploy and manage an HPC Linux cluster including provisioning tools, resource management, I/O clients, runtimes, development tools, containers, and a variety of scientific libraries. Formed initially in November 2015 and formalized as a Linux Foundation project in June 2016, OpenHPC has been adding new software components and now supports multiple OSes and architectures. This presentation will present an overview of the project, currently available software, and highlight more recent changes along with general project updates and future plans."
Learn more: https://openhpc.community/
and
https://hpckp.org/
Watch the video: https://wp.me/p3RLHQ-kH2
Sign up for our insideHPC Newsletter: http://insidehpc.com/newsletter
Method of NUMA-Aware Resource Management for Kubernetes 5G NFV Clusterbyonggon chun
Introduce the container runtime environment which is set up with Kubernetes and various CRI runtimes(Docker, Containerd, CRI-O) and the method of NUMA-aware resource management(CPU Manager, Topology Manager, Etc) for CNF(Containerized Network Function) within Kubernetes and related issues.
In this session, we cover all options for running containers on AWS. This includes an introduction of container concepts and an overview of the different services: Amazon Elastic Container Service, AWS Fargate, and Amazon Elastic Container Service for Kubernetes. We also cover best practices for how to choose the right orchestration platform for your workload, the different tools for making this process easier, and ways to find more information and support as you work.
In this deck from HPCKP'19, Karl Schultz from TACC presents: OpenHPC: Community Building Blocks for HPC Systems.
"Over the last several years, OpenHPC has emerged as a community-driven stack providing a variety of common, pre-built ingredients to deploy and manage an HPC Linux cluster including provisioning tools, resource management, I/O clients, runtimes, development tools, containers, and a variety of scientific libraries. Formed initially in November 2015 and formalized as a Linux Foundation project in June 2016, OpenHPC has been adding new software components and now supports multiple OSes and architectures. This presentation will present an overview of the project, currently available software, and highlight more recent changes along with general project updates and future plans."
Learn more: https://openhpc.community/
and
https://hpckp.org/
Watch the video: https://wp.me/p3RLHQ-kH2
Sign up for our insideHPC Newsletter: http://insidehpc.com/newsletter
Method of NUMA-Aware Resource Management for Kubernetes 5G NFV Clusterbyonggon chun
Introduce the container runtime environment which is set up with Kubernetes and various CRI runtimes(Docker, Containerd, CRI-O) and the method of NUMA-aware resource management(CPU Manager, Topology Manager, Etc) for CNF(Containerized Network Function) within Kubernetes and related issues.
Using Rook to Manage Kubernetes Storage with CephCloudOps2005
Moh Ahmed and Raymond Maika presented 'Using Rook to Manage Kubernetes Storage with Ceph' at Montreal's first Cloud Native Day, which took place on June 11 in Montreal.
Learn how you'll be able to quickly develop, host, and scale applications within the AWS cloud with Red Hat's OpenShift. During this session, we walk you thru the straightforward method of deploying and managing your own Linux based application within the AWS cloud and will additionally discuss key use-cases and advantages to container platform configuration, deployment, and administration.
In this session, we walk through the fundamentals of Amazon VPC. First, we cover build-out and design fundamentals for VPCs, including picking your IP space, subnetting, routing, security, NAT, and much more. We then transition to different approaches and use cases for optionally connecting your VPC to your physical data center with VPN or AWS Direct Connect. This mid-level architecture discussion is aimed at architects, network administrators, and technology decision makers interested in understanding the building blocks that AWS makes available with Amazon VPC. Learn how you can connect VPCs with your offices and current data center footprint.
더욱 진화하는 AWS 네트워크 보안 - 신은수 AWS 시큐리티 스페셜리스트 솔루션즈 아키텍트 :: AWS Summit Seoul 2021Amazon Web Services Korea
Amazon VPC 내의 주요 자원을 보호하거나 규정 준수를 위해 사용되어야 하는 보안 어플라이언스의 효율적인 구성을 돕는 AWS Gateway Load Balancer의 사용 방법과 동작 원리를 알려 드립니다. Amazon VPC 내부에서 인터넷 사이트의 접근을 제한하거나 외부로부터의 침입 탐지 및 차단 기능을 사용할 수 있는 IPS 기능을 포함하는 AWS 의 관리형 방화벽인 AWS Network Firewall 의 사용 방법과 구성 가능한 다양한 레퍼런스 케이스에 대해서도 설명해 드립니다.
How Zalando runs Kubernetes clusters at scale on AWS - AWS re:InventHenning Jacobs
Many clusters, many problems? Having many clusters has benefits: reduced blast radius, less vertical scaling of cluster components, and a natural trust boundary. In this session, Zalando shows its approach for running 140+ clusters on AWS, how it does continuous delivery for its cluster infrastructure, and how it created open-source tooling to manage cost efficiency and improve developer experience. The company openly shares its failures and the learnings collected during three years of Kubernetes in production.
AWS re:Invent session OPN211 on 2019-12-05
Deep dive in container service discoveryDocker, Inc.
Service discovery and traffic load-balancing in the container ecosystem relies on different technologies, such as IPVS and iptables, and container orchestrators use different approaches. This talk will present in details how Docker Swarm and Kubernetes achieve this. The talk will continue with a demo showing how applications that are not managed by Kubernetes can take advantage of its native load-balancing. Finally, it will compare these approaches to service-mesh solutions.
클라우드 컴퓨팅 기반 기술과 오픈스택(Kvm) 기반 Provisioning Ji-Woong Choi
TTA에 KVM 기반 프로비저닝 기술에 대한 데모 세션을 포함하는 세미나 관련 자료입니다. 클라우드환경으로 가고자 해서 Paas를 어떤 플랫폼위에 올린다면 그리고 가상화 환경이나 클라우드 환경으로 올린다면 어떤 환경으로 올릴것인가를 고민하여야 합니다.
그리고 이 hypervisor중에 cloud 환경에서 가장 주목받는 kvm을 기반으로 하는 두가지 가상화 클라우드 솔루션인 rhev와 openstack을 잠시 살펴볼 것입니다.
그리고 이러한 가상화 클라우드 환경에서 자동화 하는 솔류션을 어떻게 고려해야 하는가를 살펴보고, 그런 솔류션중에 하나인 아테나 피콕에 대해 살펴보겠습니다.
그리고 오픈스택환경하에서 구축해서 사용했던 사용기와 이를 자동화하기위해 개발자들이 사용했던 간단한 ansible provisioning 모습을 시연합니다.
Join us to learn the concepts and terminology of Kubernetes such as Nodes, Labels, Pods, Replication Controllers, Services. After taking a closer look at the Kubernetes master and the nodes, we will walk you through the process of building, deploying, and scaling microservices applications. Each attendee gets $100 credit to start using Google Container Engine. The source code is available at https://github.com/janakiramm/kubernetes-101
Dimsi have developed a backup solution for Virtual Machines based on KVM hypervisors. Every layer of the product uses Open Source libraries or components (Python, VueJS, Celery, Borg Backup, Redis, Socketio, Flask). There is no agent needed on the VMs. Dimsi have implemented a feature to group the hosts based on their use (CloudStack Hosts or Management Hosts) and apply specific policies to the groups. In the CloudStack context, this product can help you backup and restore all your VMs easily if the hypervisors are KVM-based. Moreover, restoring the VMs is effortless because KVM and CloudStack use the same id for the VM disks, so no need to hack the database to match them.
Quentin Roccia : Senior DevOps engineer, Cloud enabler
Quentin is in charge of DIMSI custom developments on top of Apache Cloudtack deployment : customer portal, backup solutions.
On a daily basis, he helps our customers to build and improve Devops strategy, including GitLab, Cloudstack APIs and Python devs.
Quentin is the main contributor of KVM backup solution
Joffrey Luangsaysana : Senior Cloud engineer, Plateform specialist
Joffrey is responsible of our core plateform, including compute, storage, networking, and Apache Cloudstack services.
He is focused on providing maximum performances and uptime to our customer, and dedicated to guarantee fast and reliable customer VM’s backup.
-----------------------------------------
The CloudStack European User Group 2022 took place on 7th April. The day saw a virtual get together for the European CloudStack Community, hosting 265 attendees from 25 countries. The event hosted 10 sessions with from leading CloudStack experts, users and skilful engineers from the open-source world, which included: technical talks, user stories, new features and integrations presentations and more.
------------------------------------------
About CloudStack: https://cloudstack.apache.org/
[Games on AWS 2019] AWS 입문자를 위한 초단기 레벨업 트랙 | AWS 레벨업 하기! : 네트워크 - 권신중 AWS 솔루션...Amazon Web Services Korea
본 세션에서는 AWS 클라우드 상의 논리적으로 격리된 가상의 데이터센터인 VPC의 개념, 생성 절차, 온프레미스 데이터센터와의 연결을 포함한 VPC의 다양한 확장 시나리오 및 확장에 필요한 요소 기술을 살펴봅니다. 또한, 확장 가능한 어플리케이션 구현에 필수적인 AWS의 Load Balancer 서비스의 특징과 선택 시 고려사항을 알아 보도록 하겠습니다.
In this session, we first cover build-out and design fundamentals for VPCs, including selecting your IP space, subnetting, routing, security, and more. We then discuss different approaches and scenarios for connecting your VPC to your data center with AWS VPN or AWS Direct Connect. Throughout this presentation, we discuss our latest networking services and updates, including AWS Transit Gateway and AWS PrivateLink. This mid-level architecture discussion is for architects, network administrators, and technology decision makers interested in understanding the building blocks that AWS makes available with Amazon VPC. Learn how to connect VPCs with your offices and data center footprint.
AWS 상의 컨테이너 서비스 소개 ECS, EKS - 이종립 / Principle Enterprise Evangelist @베스핀글로벌BESPIN GLOBAL
지난 11월 Bespin Gaming Day 행사의 발표 자료를 통해 AWS에서 컨테이너를 활용하는 방법을 알아보겠습니다.
AWS에서는 사용 목적에 따라 다양한 컨테이너 서비스를 제공합니다.
- Management 스케쥴링, 스케일링, 배포, 전략: Amazon ECS, Amazon EKS
- Hosting 컨테이너가 수행되는 곳: Amazon EC2, AWS Fargate
- Image Registry 컨테이너 이미지 저장소: Amazon ECR
컨테이너 및 쿠버네티스 관련 서비스 중 Amazon EKS, Amazon ECS, AWS Fargate에 대해 보다 자세히 살펴보실 수 있습니다.
2018년 12월 12일에 촬영한 한국어 웨비나입니다. Cloudflare는 적용이 빠르고 DDoS 방어에 효과적이라는 이점이 있어 소위 Under Attack이라고 불리는, DDoS 공격을 실시간으로 받고 있어 빠르게 방어책을 적용해야 하는 고객사를 많이 받는 편입니다. 이 페이지를 통해 많이 sign up 하십니다. 반면에 이미 Cloudflare를 사용하고 있어도, 오리진 서버를 전체공개 하셨다든지 필요한 설정이 정확하게 되어 있지 않으면 공격자에게 취약한 부분을 감지당해 Cloudflare를 적용하고도 공격을 받으시는 경우가 발생하기도 합니다. 이 웨비나는 어떤 Plan이든 Cloudflare를 사용하시는 고객께서 정확한 설정으로 DDoS 방어 효과를 잘 누리셨으면 해서 촬영했습니다.
Moody’s Analytics offers unique tools for measuring and managing risk through expertise and experience in credit analysis, economic research, and financial risk management. In this presentation, Senior Director of Software Engineering Marcelo Schnettler discusses the benefits of running EDF (Expected Default Frequency) 9 in the AWS cloud, including ability to scale up and replicate test environments as needed, quicker development processes, and scalable and on-demand computing. Because of these benefits, EDF 9 is constantly innovating and able to scale per customer demand.
Using Rook to Manage Kubernetes Storage with CephCloudOps2005
Moh Ahmed and Raymond Maika presented 'Using Rook to Manage Kubernetes Storage with Ceph' at Montreal's first Cloud Native Day, which took place on June 11 in Montreal.
Learn how you'll be able to quickly develop, host, and scale applications within the AWS cloud with Red Hat's OpenShift. During this session, we walk you thru the straightforward method of deploying and managing your own Linux based application within the AWS cloud and will additionally discuss key use-cases and advantages to container platform configuration, deployment, and administration.
In this session, we walk through the fundamentals of Amazon VPC. First, we cover build-out and design fundamentals for VPCs, including picking your IP space, subnetting, routing, security, NAT, and much more. We then transition to different approaches and use cases for optionally connecting your VPC to your physical data center with VPN or AWS Direct Connect. This mid-level architecture discussion is aimed at architects, network administrators, and technology decision makers interested in understanding the building blocks that AWS makes available with Amazon VPC. Learn how you can connect VPCs with your offices and current data center footprint.
더욱 진화하는 AWS 네트워크 보안 - 신은수 AWS 시큐리티 스페셜리스트 솔루션즈 아키텍트 :: AWS Summit Seoul 2021Amazon Web Services Korea
Amazon VPC 내의 주요 자원을 보호하거나 규정 준수를 위해 사용되어야 하는 보안 어플라이언스의 효율적인 구성을 돕는 AWS Gateway Load Balancer의 사용 방법과 동작 원리를 알려 드립니다. Amazon VPC 내부에서 인터넷 사이트의 접근을 제한하거나 외부로부터의 침입 탐지 및 차단 기능을 사용할 수 있는 IPS 기능을 포함하는 AWS 의 관리형 방화벽인 AWS Network Firewall 의 사용 방법과 구성 가능한 다양한 레퍼런스 케이스에 대해서도 설명해 드립니다.
How Zalando runs Kubernetes clusters at scale on AWS - AWS re:InventHenning Jacobs
Many clusters, many problems? Having many clusters has benefits: reduced blast radius, less vertical scaling of cluster components, and a natural trust boundary. In this session, Zalando shows its approach for running 140+ clusters on AWS, how it does continuous delivery for its cluster infrastructure, and how it created open-source tooling to manage cost efficiency and improve developer experience. The company openly shares its failures and the learnings collected during three years of Kubernetes in production.
AWS re:Invent session OPN211 on 2019-12-05
Deep dive in container service discoveryDocker, Inc.
Service discovery and traffic load-balancing in the container ecosystem relies on different technologies, such as IPVS and iptables, and container orchestrators use different approaches. This talk will present in details how Docker Swarm and Kubernetes achieve this. The talk will continue with a demo showing how applications that are not managed by Kubernetes can take advantage of its native load-balancing. Finally, it will compare these approaches to service-mesh solutions.
클라우드 컴퓨팅 기반 기술과 오픈스택(Kvm) 기반 Provisioning Ji-Woong Choi
TTA에 KVM 기반 프로비저닝 기술에 대한 데모 세션을 포함하는 세미나 관련 자료입니다. 클라우드환경으로 가고자 해서 Paas를 어떤 플랫폼위에 올린다면 그리고 가상화 환경이나 클라우드 환경으로 올린다면 어떤 환경으로 올릴것인가를 고민하여야 합니다.
그리고 이 hypervisor중에 cloud 환경에서 가장 주목받는 kvm을 기반으로 하는 두가지 가상화 클라우드 솔루션인 rhev와 openstack을 잠시 살펴볼 것입니다.
그리고 이러한 가상화 클라우드 환경에서 자동화 하는 솔류션을 어떻게 고려해야 하는가를 살펴보고, 그런 솔류션중에 하나인 아테나 피콕에 대해 살펴보겠습니다.
그리고 오픈스택환경하에서 구축해서 사용했던 사용기와 이를 자동화하기위해 개발자들이 사용했던 간단한 ansible provisioning 모습을 시연합니다.
Join us to learn the concepts and terminology of Kubernetes such as Nodes, Labels, Pods, Replication Controllers, Services. After taking a closer look at the Kubernetes master and the nodes, we will walk you through the process of building, deploying, and scaling microservices applications. Each attendee gets $100 credit to start using Google Container Engine. The source code is available at https://github.com/janakiramm/kubernetes-101
Dimsi have developed a backup solution for Virtual Machines based on KVM hypervisors. Every layer of the product uses Open Source libraries or components (Python, VueJS, Celery, Borg Backup, Redis, Socketio, Flask). There is no agent needed on the VMs. Dimsi have implemented a feature to group the hosts based on their use (CloudStack Hosts or Management Hosts) and apply specific policies to the groups. In the CloudStack context, this product can help you backup and restore all your VMs easily if the hypervisors are KVM-based. Moreover, restoring the VMs is effortless because KVM and CloudStack use the same id for the VM disks, so no need to hack the database to match them.
Quentin Roccia : Senior DevOps engineer, Cloud enabler
Quentin is in charge of DIMSI custom developments on top of Apache Cloudtack deployment : customer portal, backup solutions.
On a daily basis, he helps our customers to build and improve Devops strategy, including GitLab, Cloudstack APIs and Python devs.
Quentin is the main contributor of KVM backup solution
Joffrey Luangsaysana : Senior Cloud engineer, Plateform specialist
Joffrey is responsible of our core plateform, including compute, storage, networking, and Apache Cloudstack services.
He is focused on providing maximum performances and uptime to our customer, and dedicated to guarantee fast and reliable customer VM’s backup.
-----------------------------------------
The CloudStack European User Group 2022 took place on 7th April. The day saw a virtual get together for the European CloudStack Community, hosting 265 attendees from 25 countries. The event hosted 10 sessions with from leading CloudStack experts, users and skilful engineers from the open-source world, which included: technical talks, user stories, new features and integrations presentations and more.
------------------------------------------
About CloudStack: https://cloudstack.apache.org/
[Games on AWS 2019] AWS 입문자를 위한 초단기 레벨업 트랙 | AWS 레벨업 하기! : 네트워크 - 권신중 AWS 솔루션...Amazon Web Services Korea
본 세션에서는 AWS 클라우드 상의 논리적으로 격리된 가상의 데이터센터인 VPC의 개념, 생성 절차, 온프레미스 데이터센터와의 연결을 포함한 VPC의 다양한 확장 시나리오 및 확장에 필요한 요소 기술을 살펴봅니다. 또한, 확장 가능한 어플리케이션 구현에 필수적인 AWS의 Load Balancer 서비스의 특징과 선택 시 고려사항을 알아 보도록 하겠습니다.
In this session, we first cover build-out and design fundamentals for VPCs, including selecting your IP space, subnetting, routing, security, and more. We then discuss different approaches and scenarios for connecting your VPC to your data center with AWS VPN or AWS Direct Connect. Throughout this presentation, we discuss our latest networking services and updates, including AWS Transit Gateway and AWS PrivateLink. This mid-level architecture discussion is for architects, network administrators, and technology decision makers interested in understanding the building blocks that AWS makes available with Amazon VPC. Learn how to connect VPCs with your offices and data center footprint.
AWS 상의 컨테이너 서비스 소개 ECS, EKS - 이종립 / Principle Enterprise Evangelist @베스핀글로벌BESPIN GLOBAL
지난 11월 Bespin Gaming Day 행사의 발표 자료를 통해 AWS에서 컨테이너를 활용하는 방법을 알아보겠습니다.
AWS에서는 사용 목적에 따라 다양한 컨테이너 서비스를 제공합니다.
- Management 스케쥴링, 스케일링, 배포, 전략: Amazon ECS, Amazon EKS
- Hosting 컨테이너가 수행되는 곳: Amazon EC2, AWS Fargate
- Image Registry 컨테이너 이미지 저장소: Amazon ECR
컨테이너 및 쿠버네티스 관련 서비스 중 Amazon EKS, Amazon ECS, AWS Fargate에 대해 보다 자세히 살펴보실 수 있습니다.
2018년 12월 12일에 촬영한 한국어 웨비나입니다. Cloudflare는 적용이 빠르고 DDoS 방어에 효과적이라는 이점이 있어 소위 Under Attack이라고 불리는, DDoS 공격을 실시간으로 받고 있어 빠르게 방어책을 적용해야 하는 고객사를 많이 받는 편입니다. 이 페이지를 통해 많이 sign up 하십니다. 반면에 이미 Cloudflare를 사용하고 있어도, 오리진 서버를 전체공개 하셨다든지 필요한 설정이 정확하게 되어 있지 않으면 공격자에게 취약한 부분을 감지당해 Cloudflare를 적용하고도 공격을 받으시는 경우가 발생하기도 합니다. 이 웨비나는 어떤 Plan이든 Cloudflare를 사용하시는 고객께서 정확한 설정으로 DDoS 방어 효과를 잘 누리셨으면 해서 촬영했습니다.
Moody’s Analytics offers unique tools for measuring and managing risk through expertise and experience in credit analysis, economic research, and financial risk management. In this presentation, Senior Director of Software Engineering Marcelo Schnettler discusses the benefits of running EDF (Expected Default Frequency) 9 in the AWS cloud, including ability to scale up and replicate test environments as needed, quicker development processes, and scalable and on-demand computing. Because of these benefits, EDF 9 is constantly innovating and able to scale per customer demand.
Interactive Agencies: Managing Media Transcoding.
A discussion of batch processing, optimising for throughput, cost, spot instances and reserved capacity with Amazon EC2.
40, 1173 & 516. What do these numbers mean? Since inception AWS has introduced more than 40 major new services, released over 1173 new services and features, with 516 new features and services announced in 2014 alone. How you use the AWS platform last year may be very different to how you utilise it today to maximize innovation, outcomes and remaining competitive. In this advanced technical session an AWS Solution Architect will address technical requirements for successfully deploying and managing applications on the AWS platform, how solutions were potentially architected previously, both off-cloud and on-cloud, and some of the best practice recommendations on AWS today.
Speaker: Dean Samuels, Solutions Architect, Amazon Web Services
Review this webinar to learn how to use the variety of AWS storage services and features to deploy backup and archiving solutions that are low cost and easy to deploy, manage and maintain. We will present reference architectures, best practices and use cases based on AWS services including Amazon S3, Glacier and Storage Gateway. Special topics will include how to move your data securely into the AWS cloud, how to retrieve and restore your data, and how to back-up on-premises data to the cloud using Amazon Storage gateway and other third party storage gateways.
AWS Compute Services State of the Union (CPN202) | AWS re:Invent 2013Amazon Web Services
In this session, Peter De Santis, VP of Compute Services will provide an overview of the key priorities for Amazon Elastic Compute Cloud (Amazon EC2). In this session, you will hear about some of the most innovative ways in which customers are using Amazon EC2, learn more about key capabilities launched over the past year, and gain insights into the near term roadmap and priorities.
Everything You Need to Develop Apps Faster and Scale to Millions of UsersAmazon Web Services
Mobile app development can be complex and time-consuming. In this session, we will demonstrate how AWS Mobile Services makes it easier for you to develop mobile apps by providing a single, integrated experience for discovering, provisioning, and configuring AWS cloud resources.
AWS Webcast - Accelerating Application Performance Using In-Memory Caching in...Amazon Web Services
This webinar covers both introductory as well as advanced topics related to ElastiCache and is intended for current memcached users as well as those already using ElastiCache. During this session we will go over various scenarios and use-cases that can benefit by enabling caching, discuss the features provided by ElastiCache, and review best-practices, design patterns, and anti-patterns related to ElastiCache. The webinar will also include a demo where we enable ElastiCache for a web application and show the resulting performance improvements.
Review this content as Amazon Web Services' (AWS) experts share best practices that are helping libraries save money, be more flexible and cope with the ever-increasing volume of data they are facing.
We will introduce you to AWS Cloud services and explore typical library use cases on AWS with a particular focus on storage and archiving use cases that provide exceptional durability and cost savings.
Amazon EC2 forms the backbone compute platform for hundreds of thousands of AWS customers, but how do you go beyond starting an instance and manually configuring it? In this webinar we will take you on a journey starting with the basics of key management and security groups and ending with an explanation of Auto Scaling and how you can use it to match capacity and costs to demand using dynamic policies.
Architecting Enterprise Applications in the Cloud presentation by Matt Tavis, AWS Solutions Architect, and the Cloud for the Enterprise Event in NY on October 19, 2009
Scaling to millions of users with Amazon CloudFront - April 2017 AWS Online T...Amazon Web Services
Learning Objectives:
• Learn how to use CloudFront dynamic delivery features • See a live demo and learn how to take advantage of Cloud Front newest features
Traditionally, content delivery networks (CDNs) were designed to accelerate static content. Amazon CloudFront supports delivery of an entire website, including dynamic, static, streaming and interactive content using a global network of edge locations. CloudFront integrates with other AWS services that are built to scale massively. Together, the solution can automatically scale to millions of users by leveraging the global reach of CloudFront and the auto scaling capability of AWS platform. In this talk, we introduce you to various design patterns and best practices to build a massively scalable solution using CloudFront. We discuss how this scale can be achieved without compromising on availability, security or cost.
Secure Content Delivery Using Amazon CloudFront and AWS WAFAmazon Web Services
Whether you are building an e-commerce site or a business application, security is a key consideration when architecting your website or application. In this session, you will learn more about some of the things Amazon CloudFront does behind the scenes to protect the delivery of your content such as OCSP Stapling and Perfect Forward Secrecy. You will also learn how you can use AWS Web Application Firewall (AWS WAF) with CloudFront to protect your site. Finally, we will share best practices on how you can use CloudFront to securely deliver content end-to-end, control who accesses your content, how to shield your origins from the Internet, and getting an A+ on SSL labs.
Secure Content Delivery Using Amazon CloudFront and AWS WAFAmazon Web Services
Whether you are building an e-commerce site or a business application, security is a key consideration when architecting your website or application. In this session, you will learn more about some of the things Amazon CloudFront does behind the scenes to protect the delivery of your content such as OCSP Stapling and Perfect Forward Secrecy. You will also learn how you can use AWS Web Application Firewall (AWS WAF) with CloudFront to protect your site. Finally, we will share best practices on how you can use CloudFront to securely deliver content end-to-end, control who accesses your content, how to shield your origins from the Internet, and getting an A+ on SSL labs.
AWS re:Invent 2016: Taking DevOps to the AWS Edge (CTD302)Amazon Web Services
In this session, we dive deep into how you can integrate Amazon CloudFront and related services into your application, be agile in developing and adapting the application, and follow best practices when configuring the services to improve security and performance, all while reducing costs. Attend this session and learn how to avoid needless forwarding of headers and cookies, test your application when making changes to the origin, version your configuration changes, monitor usage and automate security, create templates for new distributions, configure SSL/TLS certificates, and more.
AWS re:Invent 2016: Taking DevOps to the AWS Edge (CTD302)Amazon Web Services
In this session, we dive deep into how you can integrate Amazon CloudFront and related services into your application, be agile in developing and adapting the application, and follow best practices when configuring the services to improve security and performance, all while reducing costs. Attend this session and learn how to avoid needless forwarding of headers and cookies, test your application when making changes to the origin, version your configuration changes, monitor usage and automate security, create templates for new distributions, configure SSL/TLS certificates, and more.
Whether you are building an e-commerce site or a business application, security is a key consideration when architecting your website or application. In this session, you will learn more about some of the things CloudFront does behind the scenes to protect the delivery of your content such as OCSP Stapling and Perfect Forward Secrecy. We will also share best practices on how you can use CloudFront to securely deliver content end-to-end, control who accesses your content, how to shield your origins from the Internet, and getting a A+ on SSL labs.
Dynamic Content Acceleration: Lightning Fast Web Apps with Amazon CloudFront ...Amazon Web Services
Traditionally, content delivery networks (CDNs) were known to accelerate static content. Amazon CloudFront has come a long way and now supports delivery of entire websites that include dynamic and static content. In this session, we introduce you to CloudFront’s dynamic delivery features that help improve the performance, scalability, and availability of your website while helping you lower your costs. We talk about architectural patterns such as SSL termination, close proximity connection termination, origin offload with keep-alive connections, and last-mile latency improvement. Also learn how to take advantage of Amazon Route 53's health check, automatic failover, and latency-based routing to build highly available web apps on AWS.
Dynamic Content Acceleration: Amazon CloudFront and Amazon Route 53 (ARC309) ...Amazon Web Services
Traditionally, content delivery networks (CDNs) were known to accelerate static content. Amazon CloudFront has come a long way and now supports delivery of entire websites that include dynamic and static content. In this session, we introduce you to CloudFront’s dynamic delivery features that help improve the performance, scalability, and availability of your website while helping you lower your costs. We talk about architectural patterns such as SSL termination, close proximity connection termination, origin offload with keep-alive connections, and last-mile latency improvement. Also learn how to take advantage of Amazon Route 53's health check, automatic failover, and latency-based routing to build highly available web apps on AWS.
SRV206 Getting Started with Amazon CloudFront Content Delivery NetworkAmazon Web Services
Whether you are building an e-commerce site or a business application, security is a key consideration when architecting your website or application. In this session, you will learn more about some of the things CloudFront does behind the scenes to protect the delivery of your content such as OCSP Stapling and Perfect Forward Secrecy. We will also share best practices on how you can use CloudFront to securely deliver content end-to-end, control who accesses your content, how to shield your origins from the Internet, and getting a A+ on SSL labs.
AWS re:Invent 2016: Introduction to Amazon CloudFront (CTD205)Amazon Web Services
End users expect to be able to view static, dynamic, and streaming content anytime, anywhere, and on any device. Amazon CloudFront is a web service that accelerates delivery of your websites, APIs, video content, or other web assets to end users around the globe with low latency, high data transfer speeds, and no commitments. In this session, learn what a content delivery network (CDN) such as Amazon CloudFront is and how it works, the benefits it provides, common challenges and needs, performance, recently released features like HTTP/2 and IPV6 support, pricing, and examples of how customers are using CloudFront.
Whether you are building an e-commerce site or a business application, security is a key consideration when architecting your website or application. In this session, you will learn more about some of the things CloudFront does behind the scenes to protect the delivery of your content such as OCSP Stapling and Perfect Forward Secrecy. We will also share best practices on how you can use CloudFront to securely deliver content end-to-end, control who accesses your content, how to shield your origins from the Internet, and getting a A+ on SSL labs.
Deep Dive on Accelerating Content, APIs, and Applications with Amazon CloudFr...Amazon Web Services
Learn more about AWS Lambda@Edge (https://aws.amazon.com/lambda/edge/) and Amazon CloudFront (https://aws.amazon.com/cloudfront/).
Attend this session to dive deeper into AWS content delivery service and Amazon CloudFront. Learn how you can use CloudFront to accelerate the delivery of your APIs or applications, including content that cannot be cached, to global clients.
Amazon CloudFront Flash Talks: Best Practices on Configuring, Securing, Custo...Amazon Web Services
In this series of technical flash talks, learn directly from Amazon CloudFront engineers about best practices on security, caching, measuring performance using Real User Monitoring (RUM), and customizing content delivery with Lambda@Edge.
In this series of technical flash talks, learn directly from Amazon CloudFront engineers about best practices on security, caching, measuring performance using Real User Monitoring (RUM), and customizing content delivery with Lambda@Edge.
An overview of one of the worlds largest content delivery networks, how it is used for accerlation of websites and applications for dynamic and static content. We will cover recent feature additions including integration of the new AWS WAF and other security features.
AWS re:Invent 2016: Amazon CloudFront Flash Talks: Best Practices on Configur...Amazon Web Services
In this series of 15-minute technical flash talks you will learn directly from Amazon CloudFront engineers and their best practices on debugging caching issues, measuring performance using Real User Monitoring (RUM), and stopping malicious viewers using CloudFront and AWS WAF.
Secure Content Delivery Using Amazon CloudFront and AWS WAFAmazon Web Services
Whether you are building an e-commerce site or a business application, security is a key consideration when architecting your website or application. In this session, you will learn more about some of the things Amazon CloudFront does behind the scenes to protect the delivery of your content such as OCSP Stapling and Perfect Forward Secrecy. You will also learn how you can use AWS Web Application Firewall (AWS WAF) with CloudFront to protect your site. Finally, we will share best practices on how you can use CloudFront to securely deliver content end-to-end, control who accesses your content, how to shield your origins from the Internet, and getting an A+ on SSL labs.
Similar to Best practices for content delivery using amazon cloud front (20)
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Amazon Web Services
Il Forecasting è un processo importante per tantissime aziende e viene utilizzato in vari ambiti per cercare di prevedere in modo accurato la crescita e distribuzione di un prodotto, l’utilizzo delle risorse necessarie nelle linee produttive, presentazioni finanziarie e tanto altro. Amazon utilizza delle tecniche avanzate di forecasting, in parte questi servizi sono stati messi a disposizione di tutti i clienti AWS.
In questa sessione illustreremo come pre-processare i dati che contengono una componente temporale e successivamente utilizzare un algoritmo che a partire dal tipo di dato analizzato produce un forecasting accurato.
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Amazon Web Services
La varietà e la quantità di dati che si crea ogni giorno accelera sempre più velocemente e rappresenta una opportunità irripetibile per innovare e creare nuove startup.
Tuttavia gestire grandi quantità di dati può apparire complesso: creare cluster Big Data su larga scala sembra essere un investimento accessibile solo ad aziende consolidate. Ma l’elasticità del Cloud e, in particolare, i servizi Serverless ci permettono di rompere questi limiti.
Vediamo quindi come è possibile sviluppare applicazioni Big Data rapidamente, senza preoccuparci dell’infrastruttura, ma dedicando tutte le risorse allo sviluppo delle nostre le nostre idee per creare prodotti innovativi.
Ora puoi utilizzare Amazon Elastic Kubernetes Service (EKS) per eseguire pod Kubernetes su AWS Fargate, il motore di elaborazione serverless creato per container su AWS. Questo rende più semplice che mai costruire ed eseguire le tue applicazioni Kubernetes nel cloud AWS.In questa sessione presenteremo le caratteristiche principali del servizio e come distribuire la tua applicazione in pochi passaggi
Vent'anni fa Amazon ha attraversato una trasformazione radicale con l'obiettivo di aumentare il ritmo dell'innovazione. In questo periodo abbiamo imparato come cambiare il nostro approccio allo sviluppo delle applicazioni ci ha permesso di aumentare notevolmente l'agilità, la velocità di rilascio e, in definitiva, ci ha consentito di creare applicazioni più affidabili e scalabili. In questa sessione illustreremo come definiamo le applicazioni moderne e come la creazione di app moderne influisce non solo sull'architettura dell'applicazione, ma sulla struttura organizzativa, sulle pipeline di rilascio dello sviluppo e persino sul modello operativo. Descriveremo anche approcci comuni alla modernizzazione, compreso l'approccio utilizzato dalla stessa Amazon.com.
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
L’utilizzo dei container è in continua crescita.
Se correttamente disegnate, le applicazioni basate su Container sono molto spesso stateless e flessibili.
I servizi AWS ECS, EKS e Kubernetes su EC2 possono sfruttare le istanze Spot, portando ad un risparmio medio del 70% rispetto alle istanze On Demand. In questa sessione scopriremo insieme quali sono le caratteristiche delle istanze Spot e come possono essere utilizzate facilmente su AWS. Impareremo inoltre come Spreaker sfrutta le istanze spot per eseguire applicazioni di diverso tipo, in produzione, ad una frazione del costo on-demand!
In recent months, many customers have been asking us the question – how to monetise Open APIs, simplify Fintech integrations and accelerate adoption of various Open Banking business models. Therefore, AWS and FinConecta would like to invite you to Open Finance marketplace presentation on October 20th.
Event Agenda :
Open banking so far (short recap)
• PSD2, OB UK, OB Australia, OB LATAM, OB Israel
Intro to Open Finance marketplace
• Scope
• Features
• Tech overview and Demo
The role of the Cloud
The Future of APIs
• Complying with regulation
• Monetizing data / APIs
• Business models
• Time to market
One platform for all: a Strategic approach
Q&A
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
Per creare valore e costruire una propria offerta differenziante e riconoscibile, le startup di successo sanno come combinare tecnologie consolidate con componenti innovativi creati ad hoc.
AWS fornisce servizi pronti all'utilizzo e, allo stesso tempo, permette di personalizzare e creare gli elementi differenzianti della propria offerta.
Concentrandoci sulle tecnologie di Machine Learning, vedremo come selezionare i servizi di intelligenza artificiale offerti da AWS e, anche attraverso una demo, come costruire modelli di Machine Learning personalizzati utilizzando SageMaker Studio.
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
Con l'approccio tradizionale al mondo IT per molti anni è stato difficile implementare tecniche di DevOps, che finora spesso hanno previsto attività manuali portando di tanto in tanto a dei downtime degli applicativi interrompendo l'operatività dell'utente. Con l'avvento del cloud, le tecniche di DevOps sono ormai a portata di tutti a basso costo per qualsiasi genere di workload, garantendo maggiore affidabilità del sistema e risultando in dei significativi miglioramenti della business continuity.
AWS mette a disposizione AWS OpsWork come strumento di Configuration Management che mira ad automatizzare e semplificare la gestione e i deployment delle istanze EC2 per mezzo di workload Chef e Puppet.
Scopri come sfruttare AWS OpsWork a garanzia e affidabilità del tuo applicativo installato su Instanze EC2.
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
Vuoi conoscere le opzioni per eseguire Microsoft Active Directory su AWS? Quando si spostano carichi di lavoro Microsoft in AWS, è importante considerare come distribuire Microsoft Active Directory per supportare la gestione, l'autenticazione e l'autorizzazione dei criteri di gruppo. In questa sessione, discuteremo le opzioni per la distribuzione di Microsoft Active Directory su AWS, incluso AWS Directory Service per Microsoft Active Directory e la distribuzione di Active Directory su Windows su Amazon Elastic Compute Cloud (Amazon EC2). Trattiamo argomenti quali l'integrazione del tuo ambiente Microsoft Active Directory locale nel cloud e l'utilizzo di applicazioni SaaS, come Office 365, con AWS Single Sign-On.
Dal riconoscimento facciale al riconoscimento di frodi o difetti di fabbricazione, l'analisi di immagini e video che sfruttano tecniche di intelligenza artificiale, si stanno evolvendo e raffinando a ritmi elevati. In questo webinar esploreremo le possibilità messe a disposizione dai servizi AWS per applicare lo stato dell'arte delle tecniche di computer vision a scenari reali.
Amazon Web Services e VMware organizzano un evento virtuale gratuito il prossimo mercoledì 14 Ottobre dalle 12:00 alle 13:00 dedicato a VMware Cloud ™ on AWS, il servizio on demand che consente di eseguire applicazioni in ambienti cloud basati su VMware vSphere® e di accedere ad una vasta gamma di servizi AWS, sfruttando a pieno le potenzialità del cloud AWS e tutelando gli investimenti VMware esistenti.
Molte organizzazioni sfruttano i vantaggi del cloud migrando i propri carichi di lavoro Oracle e assicurandosi notevoli vantaggi in termini di agilità ed efficienza dei costi.
La migrazione di questi carichi di lavoro, può creare complessità durante la modernizzazione e il refactoring delle applicazioni e a questo si possono aggiungere rischi di prestazione che possono essere introdotti quando si spostano le applicazioni dai data center locali.
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
Molte aziende oggi, costruiscono applicazioni con funzionalità di tipo ledger ad esempio per verificare lo storico di accrediti o addebiti nelle transazioni bancarie o ancora per tenere traccia del flusso supply chain dei propri prodotti.
Alla base di queste soluzioni ci sono i database ledger che permettono di avere un log delle transazioni trasparente, immutabile e crittograficamente verificabile, ma sono strumenti complessi e onerosi da gestire.
Amazon QLDB elimina la necessità di costruire sistemi personalizzati e complessi fornendo un database ledger serverless completamente gestito.
In questa sessione scopriremo come realizzare un'applicazione serverless completa che utilizzi le funzionalità di QLDB.
Con l’ascesa delle architetture di microservizi e delle ricche applicazioni mobili e Web, le API sono più importanti che mai per offrire agli utenti finali una user experience eccezionale. In questa sessione impareremo come affrontare le moderne sfide di progettazione delle API con GraphQL, un linguaggio di query API open source utilizzato da Facebook, Amazon e altro e come utilizzare AWS AppSync, un servizio GraphQL serverless gestito su AWS. Approfondiremo diversi scenari, comprendendo come AppSync può aiutare a risolvere questi casi d’uso creando API moderne con funzionalità di aggiornamento dati in tempo reale e offline.
Inoltre, impareremo come Sky Italia utilizza AWS AppSync per fornire aggiornamenti sportivi in tempo reale agli utenti del proprio portale web.
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
Molte organizzazioni sfruttano i vantaggi del cloud migrando i propri carichi di lavoro Oracle e assicurandosi notevoli vantaggi in termini di agilità ed efficienza dei costi.
La migrazione di questi carichi di lavoro, può creare complessità durante la modernizzazione e il refactoring delle applicazioni e a questo si possono aggiungere rischi di prestazione che possono essere introdotti quando si spostano le applicazioni dai data center locali.
In queste slide, gli esperti AWS e VMware presentano semplici e pratici accorgimenti per facilitare e semplificare la migrazione dei carichi di lavoro Oracle accelerando la trasformazione verso il cloud, approfondiranno l’architettura e dimostreranno come sfruttare a pieno le potenzialità di VMware Cloud ™ on AWS.
Amazon Elastic Container Service (Amazon ECS) è un servizio di gestione dei container altamente scalabile, che semplifica la gestione dei contenitori Docker attraverso un layer di orchestrazione per il controllo del deployment e del relativo lifecycle. In questa sessione presenteremo le principali caratteristiche del servizio, le architetture di riferimento per i differenti carichi di lavoro e i semplici passi necessari per poter velocemente migrare uno o più dei tuo container.
3. Our growing global footprint…
North America South America EMEA APAC
POPs
Cities
Countries
Continents
AWS Region CloudFront Edge Location@cloudfront
4. We have been busy building features…
• Second Edge
Location in
Seoul, Korea
• Smooth Streaming
Support
• SSL SNI Support
• HTTP to HTTPS Redirect
• CloudFront Usage Charts
• EDNS- Client-Subnet
Support
• Free Tier
• AWS CloudTrail Support
• Device Detection, Geo Targeting,
Host Header Forwarding, and
CORS Support
• Edge Location in
Melbourne
Dec
13
Feb
14
Mar
14
Apr
14
May
14
Jun
14
Jul
14
Aug
14
• Advanced SSL features:
Session Tickets, OCSP
Stapling and Perfect Forward
Secrecy
Sep
14
Oct
14
• Support for
Wildcard cookies
• OPTIONS caching
Jan
15
• 5 Cache Stat Reports
• Popular Objects Report
• More Timely CloudFront
Access Logs
Nov
14
Dec
14
• Price Drop
• Directory path as Origin Name
• Locations, Browsers, OS and
Top Referrers
Mar
15
• Signed Cookies
• Smart TV Detection
@cloudfront
Feb
15
9. What are Static Assets?
Content is static: Images, JS, CSS, Fonts, Software
It can be distributed to more than one user
State of the object doesn't change for: sec, min, hours,..
Caching is a way to serve static content to more than
one user
@cloudfront
10. #1. Use Amazon S3 for Static Assets
Free data transfer from Amazon S3 to CloudFront
Decrease load on web server
Highly available & scalable
@cloudfront
11. #2. Control Access to Content on Amazon S3
Origin Access Identity (OAI)
Content can be accessed ONLY via CloudFront
Why use OAI?
• Ensures content is not leaking
• S3 URLs not being used anywhere
@cloudfront
12. #3. Control Access to Content on CloudFront
Amazon CloudFront Private Content
(Paid subscribers, premium customers etc.)
Signed URLs or Signed Cookies
When to use?
• Signed URLs: Marketing email
• Signed Cookies: Streaming, whole site authentication
Region
Access Denied
Access Denied
@cloudfront
13. #4. Cache at Every Layer: Browser Caching
Set max-age or expiry date in your headers
(e.g. Cache-Control: max-age=3600)
HTML5 application cache
Helps eliminate network latency
But… browser cache size is limited
(e.g. IE is 8-50M, Chrome is < 80M, Firefox is 50MB, etc.)
@cloudfront
14. #5. Cache at Every Layer: Edge Caching
Set High TTLs for intermediary caches
(e.g. Cache-Control: max-age=3600, s-maxage=86400)
Don’t forward Headers, Query Strings or Cookies
Note: You do need to forward the relevant headers if you’re doing CORS
In other words, use CloudFront defaults
@cloudfront
15. #6. Version Your Objects
Versioning allows for easy updates and roll backs
Use file name or query string to version; no additional API
calls are needed
Set High TTLs on objects that change infrequently
Each version is treated as a unique object in the browser
cache
@cloudfront
17. What is Dynamic Content?
Content unique to every request
(Example: /index.php)
Content changes frequently (seconds, minutes), but
NOT unique for every request
(Example: weather updates, API, etc.)
Content changes based on end user request (query
string, cookies, headers)
(Example: mobile vs. desktop users, search keywords in query string, etc.)
@cloudfront
18. #7. Cache Everything Possible
CloudFront supports TTLs as low as 0 seconds, no-cache,
no-store, etc.
Most content can be cached, even if it is for a few seconds
Benefits of setting a low TTL
• CloudFront supports “If-Modified-Since” and “If-None-Match” when object in the cache has
expired
• CloudFront will serve stale content if origin is unavailable and object is in cache
• Helps you offload your origin load
@cloudfront
19. Cache Everything Possible.. Cont'd
Top 50 objects: CloudFront Popular Objects Report
Find content that can be cached for any period of time: hours,
minutes or seconds
@cloudfront
20. #8. Use Multiple Cache Behaviors
ONLY forward required headers
• Example: don’t forward cookies for /images
Avoid forwarding the User-Agent header
• Instead use the Is-Mobile-Viewer, Is-Tablet-Viewer, Is-Desktop-Viewer, or Is-SmartTV-Viewer header values
Avoid forwarding ALL cookies
• Instead, forward only the select cookies that you use to vary your content
@cloudfront
22. What is Streaming Media?
Live Streaming (e.g. a concert)
On Demand Streaming (e.g. a recent movie)
Audio Streaming (e.g. podcasts or music)
Typically involves delivering the manifest file, media files,
and player
@cloudfront
23. #9. Set The Right TTLs
Manifest File
• Set Low TTL (e.g. 2 seconds)
Media Files
• High TTLs (e.g. 60 seconds)
Media Player
• Static: Store in Amazon S3 and distribute via CloudFront
• Set High TTL (e.g. 24 hours)
@cloudfront
24. #10. Use HTTP Based Streaming Protocols
Use CloudFront Web distributions to deliver multi-bitrate streaming
Use CloudFront with media servers running on Amazon EC2 for live
streaming (for high-availability and flexibility)
Use Fragmented streaming formats such as Smooth Streaming
(native support in CloudFront), HLS, etc.
Don’t forward any headers, cookies, query strings
Use Signed Cookies instead of Signed URLs
@cloudfront
26. #11. Use Monitoring, Alarming & Notifications
Near Real-Time Monitoring & Alarming via
CloudWatch
Six Metrics Available
• Requests, Bytes Downloaded, Bytes Uploaded, 4xx Error
Rate, 5xx Error Rate, Total Error Rate
• No additional cost for Monitoring
• Set Alarms and Notifications
@cloudfront
27. #12. Always Configure Custom Error Pages
Custom error pages help
improve customer experience
Deliver error pages from
Amazon S3
Set low error caching minimum
TTL (e.g. 15 seconds)
@cloudfront
28. #13. Design for Failure
What happens if the origin fails to respond to
CloudFront?
Region
CloudFront
@cloudfront
29. Design for Failure …Cont’d
With Amazon Route 53 you can health check your origin
Region
Route53
Health
Check
Health
Check
@cloudfront
30. Design for Failure …Cont’d
Failures can be detected by Route 53 health checks
Region
Route53
Health
Check
Health
Check
CloudFront
@cloudfront
31. Design for Failure …Cont’d
The traffic shifts to the healthy instances or load-
balancers instead
Region
Route53
Health
Check
Health
Check
CloudFront
@cloudfront
32. #14. More Caching = Higher Availability
Cache everything possible!
If your origin server is unavailable and you don’t have a
backup origin server, or you don’t configure custom error
pages…
CloudFront will automatically serve the stale object (if
object is in cache), for the duration of error caching
minimum TTL
@cloudfront
34. #15. Use End-to-End HTTPS
CloudFront supports HTTPS between browser
and edge, as well as between edge and origin
Set match-viewer for your Origin protocol
policy
Configure HTTP to HTTPS redirect for each
cache behavior
@cloudfront
BROWSER EDGE ORIGIN
Full-Bridge
35. #16. Use AWS IAM and AWS CloudTrail
Create IAM users to regulate access to the Amazon
CloudFront APIs (or console)
Use AWS CloudTrail to record CloudFront API calls
history for security analysis, resource change tracking,
and compliance auditing
No additional CloudFront cost for using these services
@cloudfront
37. #17. Multiple Options to Optimize SSL Costs
Use the *.cloudfront.net SSL certificate
Two options for Custom SSL: SNI vs.
Dedicated IP
Use CloudFront Reports to identify
Browser/OS Version
Seamlessly switch between SSL Options
@cloudfront
38. Optimizing SSL Costs …Cont’d
SSL certificate pricing is per IAM certificate ID
You may associate a single SSL certificate with multiple
distributions under the same AWS account
If you have multiple second level domains that you serve over
SSL, use a single UCC certificate with all domains listed
For multiple third level domains served over SSL, use a wildcard
certificate
@cloudfront
39. #18. Use Price Classes to Optimize Delivery Costs
Price Class
• Price Class All – Use All Edge Locations
• Price Class 200 – Use Edge Locations in US, EU, Asia & Japan
• Price Class 100 – Use Edge Locations in US and EU ONLY
Use the more appropriate Price Class where applicable
• If your end users are primarily in the US & EU
• Use the viewer location report to determine viewer geo distribution
• Switching between Price Classes is seamless
@cloudfront
40. #19. Domain Sharding
Most browsers open a limited number of parallel connections to the
same domain
Shard assets over multiple domains; however it’s a balancing act
Use multiple CNAME aliases to serve content from a CloudFront
distribution
Use CloudFront Wildcard CNAMEs & Use Wildcard SSL Certificate
@cloudfront
41. #20. Use Route 53 ALIAS Records
Use Amazon Route 53 to route queries to your CloudFront
distribution
Why use Route 53 ALIAS records?
• DNS queries to ALIAS records are free of charge
• Unlike CNAMEs, you can create an ALIAS record for your zone apex
• Using an ALIAS record results in less DNS lookups when resolving
your CNAME to your CloudFront distribution
@cloudfront
43. #21. Use Reports to Personalize Your Content
Geo-targeting to personalize content for your end users
How can you do that?
• Viewer reports shows top countries
• Use CloudFront to detect & forward end users’
country code
@cloudfront
44. #22. Turn-On Amazon CloudFront Access Logs
No additional cost for Amazon CloudFront’s logging
functionality
Run additional analytics for deep dive into your usage
Request IDs included in the logs can help when working with
AWS to debug an issue
Cookies & query strings may be logged even if you choose
not to forward these to the origin
@cloudfront
45. Join our Monthly Office Hour series
Register Here: http://aws.amazon.com/cloudfront/webinars/
Topic Date & Time Link
March CloudFront Office Hours (Streaming) 3/26/2015 10AM PT Register
April CloudFront Office Hours (Topic TBD) 4/15/2015 10AM PT Register
May CloudFront Office Hours (Topic TBD) 5/20/2015 10AM PT Register
June CloudFront Office Hours (Topic TBD) 6/17/2015 10AM PT Register
Q & A
@cloudfront