CloudFront: Living on the Edge

1 CloudFront: Living on the Edge
Stephen J. Butler Technology Services, Lead Software Developer

2 Overview
  - AWS Global Infrastructure
  - Technology
  - Cache Behaviors
    - CDN
    - Whole Site (Simple)
    - Whole Site (Advanced)
    - Multi/Micro-service
  - Errors and Invalidations
  - Web Application Firewall (WAF)

3 AWS Global Infrastructure
  - Availability Zone (AZ)
    - One or more data centers
    - Low latency connections
    - Replicated data
    - Redundant power
  - Regions
    - Physical geographic area
    - Collection of AZs

4 AWS Global Infrastructure
What are the blue dots?

5 AWS Global Infrastructure
  - Edge Locations
    - 50 cities vs. 16 regions; including Chicago and St. Louis
    - Faster delivery of content
    - Cheaper bandwidth costs (vs. regional resource)
    - Data centers hosting CloudFront and Route53

6 Technology
  - Acts like a caching or reverse proxy server
  - Configuration
    - Web Distribution
      - Custom domains (CNAMEs) must be listed: example.illinois.edu
      - HTTPS via SNI or dedicated IP ($$$)
      - HTTP/1.0, HTTP/1.1, and HTTP/2
      - IPv4 and IPv6
    - Origins
      - Where CloudFront gets objects from
      - Host: origin.example.illinois.edu
      - Protocol: HTTP, HTTPS, or Match Viewer
      - Custom Headers (sent with every request)

7 Technology

8 Technology
  - Price Class 100 ($0.085/GB-mo): US, Canada, Europe
  - Price Class 200 ($0.140/GB-mo): Hong Kong, Philippines, South Korea, Singapore, Taiwan, Japan, India ($0.170/GB-mo)
  - Price Class All: South America ($0.250/GB-mo), Australia ($0.140/GB-mo)

9 Cache Behaviors
  - Rules for caching each request
  - Simple path patterns; wildcards = * and ?
  - Cache Methods: HEAD, GET, OPTIONS (optional)
  - Cache TTL: min, max, and default
  - Query Strings
    - Forward all, whitelist cached
    - Manage updates of static assets: ver=XXX
  - Cookies
    - Whitelist the ones you need
    - Cached differently for logged in users
    - Common: PHPSESSID; JSESSIONID; wordpress_* and wp-settings-*
  - Headers
    - Forward all: no caching
    - Whitelist only the ones you need (Common: Host, Origin)
    - User-Agent: CloudFront-Is-Desktop-Viewer; CloudFront-Is-Mobile-Viewer; CloudFront-Is-Tablet-Viewer

10 Cache Behaviors
  - Example Requests
    - Path: /static/foo.jpg
    - Path: /static/my-app/foo.jpg
    - Path: /static-stuff/my-app/foo.jpg
  - Behaviors
    - Default (*)
    - static/notmy-app/*
    - static/my-app/*

11 Cache Behaviors: CDN
  - Origin: S3 bucket (cdn.example.illinois.edu.s3.amazonaws.com)
  - Patterns: Default is probably fine
  - Cache TTL: adjust min, max, and default to desired cache time
  - Query Strings: None
  - Cookies: None
  - Headers: None

12 Cache Behaviors: Simple
  - Origin: origin.example.illinois.edu
  - /static/*
    - TTLs: min = 1 day; max = 1 week; default = 1 day
    - Query String and Cookies: none
    - Headers: Host, Origin
  - /uploads/*
    - TTLs: min = 1 hour; max = 1 day; default = 1 hour
    - Query String: None
    - Cookies: sessionid, _shibsession_*
  - Default (*)
    - Headers: forward all (disables caching)
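An added example, not part of the presentation: a simplified Python model of how the behaviors on this slide select a rule for a request and which cookies end up in the cache key. It assumes behaviors are tried in listed order with Default (*) last and that only whitelisted cookies enter the key; the function names and sample cookie values are made up for illustration, and query strings, headers and TTLs are left out.

```python
import re

def to_regex(pattern):
    """Compile a CloudFront-style wildcard: * = zero or more chars, ? = exactly one."""
    body = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                   for c in pattern)
    return re.compile(body, re.S)

# Constructed model of the slide-12 behaviors, in evaluation order.
# Default (*) always comes last; "forward all headers" disables caching.
BEHAVIORS = [
    {"path": "/static/*", "cookies": [], "forward_all_headers": False},
    {"path": "/uploads/*", "cookies": ["sessionid", "_shibsession_*"],
     "forward_all_headers": False},
    {"path": "*", "cookies": [], "forward_all_headers": True},
]

def select_behavior(path):
    """Return the first behavior whose path pattern matches the whole request path."""
    for behavior in BEHAVIORS:
        if to_regex(behavior["path"]).fullmatch(path):
            return behavior
    raise LookupError("unreachable: Default (*) matches every path")

def cache_key(path, cookies):
    """Return the key a response is stored under, or None when it is not cached.

    Only whitelisted cookies enter the key; every other cookie is ignored,
    so requests that differ only in those cookies share one cached object.
    """
    behavior = select_behavior(path)
    if behavior["forward_all_headers"]:
        return None
    allowed = [to_regex(p) for p in behavior["cookies"]]
    kept = sorted((name, value) for name, value in cookies.items()
                  if any(rx.fullmatch(name) for rx in allowed))
    return (path, tuple(kept))

if __name__ == "__main__":
    alice = {"sessionid": "aaa", "_ga": "1"}  # constructed sample cookies
    bob = {"sessionid": "bbb", "_ga": "2"}
    for p in ("/static/app.css", "/uploads/report.pdf", "/static-stuff/x.jpg"):
        print(p, cache_key(p, alice), cache_key(p, bob))
```

In this model a response under /static/* is stored once for all users whatever session cookie they send, so content that depends on the login session belongs under a behavior that whitelists the session cookie.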

13 Cache Behaviors: Advanced
  - Origin: origin.example.illinois.edu
  - /static/*: Same
  - /uploads/*
  - Default (*)
    - Headers: Host, Origin
    - Use Origin Cache Headers
    - TTLs: min = 0; max = ; default = 0
    - Cookies: sessionid, _shibsession_*
    - Will respond to standard Cache-Control headers

14 Cache Behaviors: Multi
  - Origins
    - cdn.example.illinois.edu.s3.amazonaws.com
    - foo-service.example.illinois.edu
    - bar-service.example.illinois.edu
    - main-service.example.illinois.edu
  - /static/*
    - Desired cache settings
    - Origin: cdn.example.illinois.edu.s3.amazonaws.com
  - /foo/*
    - Origin: foo-service.example.illinois.edu
  - /bar/*
    - Origin: bar-service.example.illinois.edu
  - Default (*)
    - Origin: main-service.example.illinois.edu

15 Cache Behaviors: Multi

16 Errors and Invalidations
  - Error Responses (4xx and 5xx)
    - Default TTL: 5 minutes
    - Careful! Verify this is OK for things like "403 Forbidden"
    - Can set custom error pages
  - Invalidations
    - Force objects to be invalidated from the cache
    - List of path patterns
    - Wildcard allowed only at the end
    - /static/* /foo/* /bar/*

17

18

19 Web Application Firewall

20 Web Application Firewall
  - HTTP Protocol Firewall
  - Create filters based on IP, Headers, Body
  - Centralized rules across multiple websites
  - CloudFront, ALB

21 Web Application Firewall
  - Regular Rules
    - Patterns in the request
    - IP Address
    - Headers
    - SQL Injection, XSS
  - Rate Rules
    - Same as regular rules
    - Adds a rate of requests/time period
  - API: possibilities for Splunk, Lambda, other logs analysis

22 Q&A
  - Stephen J. Butler (sbutler1@illinois.edu)
  - Technology Services, Lead Software Developer
  - CloudFront
  - CloudFront WAF

