GLOBAL CONTENT DELIVERY AND OPTIMIZATION

CloudFront Architecture (14:56)

[Figure: Which problems does CloudFront solve?]

[Figure: CloudFront - Terms]

[Figure: CloudFront - Regional Edge Cache & Edge Location]

[Figure: CloudFront - Distribution & Cache Behavior]

CloudFront (CF) - Behaviours (9:21)

CloudFront’s Cache behavior settings

CloudFront - TTL and Invalidations (13:48)

[Figure: CloudFront - Cache Hit]

[Figure: CloudFront - Stale Object]

[Figure: CloudFront - TTL]

[Figure: CloudFront - Invalidations]

ACM (11:21)

[Figure: AWS Certificate Manager (ACM) - Overview]

[Figure: AWS Certificate Manager (ACM) - Certificates]

[Figure: AWS Certificate Manager (ACM) - Regional Service]

What types of services does ACM support?

ACM supports: CloudFront, ALB.

ACM does NOT support: EC2.

Which region should an ACM certificate be in?

The same region as the AWS resource that uses it:

  • An ALB in ap-southeast-1 needs a cert in ACM in ap-southeast-1.
  • CloudFront needs a cert in us-east-1. 👈 Global services are implicitly in us-east-1.

[Figure: AWS Certificate Manager (ACM) - Architecture]

CloudFront and SSL/TLS (14:59)

[Figure: CloudFront & SSL]

[Figure: CloudFront & SNI]

What is the problem between old browsers and SSL?

Old browsers don’t support SNI.

[Figure: CloudFront & SSL/SNI]

CloudFront (CF) - Origin Types & Origin Architecture (10:20)

CloudFront distributions support various origins.

CloudFront Origin Settings

[DEMO] CloudFront (CF) - Adding a CDN to a static Website-PART1 (16:23)

[DEMO] CloudFront (CF) - Adding a CDN to a static Website-PART2 (12:24)

[DEMO] CloudFront (CF) - Adding an Alternate CNAME and SSL (11:12)

CloudFront - Security - OAI & Custom Origins (8:50)

[Figure: Securing CF Content Delivery Path]

[Figure: Origin Access Identity (OAI)]

[Figure: OAI - In Action]

⚠️ AWS has introduced [OAC](https://aws.amazon.com/blogs/networking-and-content-delivery/amazon-cloudfront-introduces-origin-access-control-oac/) to replace OAI.

[Figure: Securing Custom Origins]

CloudFront - Private Distribution & Behaviours (7:49)

[Figure: Private Distributions (*behaviours)]

[Figure: CloudFront Signed URLs 🔗 vs Cookies 🍪]

[Figure: Private Distributions - Architecture]

[DEMO] CloudFront (CF) - Using Origin Access Control (OAC) (new version of OAI) (11:21)

Lambda@Edge (8:03)

[Figure: Lambda@Edge - Overview]

[Figure: Lambda@Edge - Architecture]

[Figure: Lambda@Edge - Use Cases (More)]

Global Accelerator (10:29)

[Figure: Global Accelerator - The Problem]

[Figure: Global Accelerator - Use Anycast to route traffic to AWS global backbone network]

What is anycast?

Anycast is a network addressing and routing method in which incoming requests can be routed to a variety of different locations (called “nodes”).

An anycast IP allows a single IP address to be in multiple locations.

[Figure: Global Accelerator - Key Concepts]

CloudFront Field-Level Encryption

[Figure: CloudFront - Without Field-Level Encryption]

[Figure: CloudFront - With Field-Level Encryption]

What does field-level encryption do?

Field-level encryption allows you to enable your users to securely upload sensitive information to your web servers.

CloudFront Geo Restriction (Geo-blocking)

[Figure: CloudFront Geo Restriction]

[Figure: 3rd-Party GeoLocation Service]

CDN and Optimisation Section Quiz