Amazon CloudFront Overview

Questions and Answers

What kind of content can CloudFront be used for?

Only static content

Only dynamic content

Both static and dynamic content (correct)

None of the above

Which of the following is NOT a benefit of using CloudFront?

Reduced cost

Increased security (correct)

High data transfer speeds

Low latency

What is an edge location in the context of CloudFront?

A region in AWS where data is stored

A physical location where data is stored (correct)

A software component that manages data distribution

A virtual server that handles user requests

What is the purpose of Regional Edge Caches in CloudFront?

To provide a larger cache for frequently accessed content

Which of the following is a valid origin for CloudFront?

An S3 bucket

What type of SSL certificates can CloudFront support?

Both wildcard and dedicated IP SSL certificates

How does CloudFront handle requests for dynamic content?

By forwarding the request directly to the origin

What is the benefit of using Perfect Forward Secrecy in CloudFront?

It reduces the risk of data breaches

What are the two types of CloudFront distributions?

Web Distribution and Live Streaming Distribution

How can you restrict access to content using CloudFront?

Using Origin Access Identities (OAIs) and setting a Viewer Protocol Policy

What is the default cache behavior of CloudFront?

The default cache behavior allows for a path pattern of /* and you must define additional cache behaviors to change the path pattern.

How long are objects cached by default in CloudFront?

24 hours

Which of the following is not a method of improving the cache hit ratio?

Setting a low TTL

What is the maximum TTL that can be set for CloudFront?

1 year

What is the minimum TTL that can be set for CloudFront?

0

Which of the following can be used to restrict access to content in an Amazon S3 bucket?

Origin Access Identity (OAI)

Which of the following is NOT a feature of CloudFront?

Object Storage

Which of the following is true about Amazon S3 static websites?

They are considered custom origins by CloudFront.

What is the 'Total error rate' metric in CloudFront?

The percentage of all viewer requests for which the response’s HTTP status code is 4xx, 5xx or both.

What is the difference between the 'Error rate by status code' metric and the 'Total error rate' metric?

The 'Error rate by status code' metric provides a detailed breakdown of error types within the 4xx and 5xx ranges.

Which of the following requests are NOT considered cacheable in CloudFront?

Requests resulting in a 4xx error

Which of the following metrics can be enabled for an additional cost?

Origin latency

What is 'Origin latency' in CloudFront?

The time taken for CloudFront to receive a request and start sending a response to the network.

Which of the following services can be used to analyze S3 access logs?

Amazon Athena

How can you view CloudFront requests in CloudTrail logs?

Update an existing CloudTrail trail to include global services.

What is the pricing model for CloudFront's reserved capacity?

You pay a fixed fee for a certain amount of data transfer over 12 months or longer.

What is the primary function of an Origin Access Identity (OAI) in CloudFront?

To restrict direct access to S3 buckets and prevent bypassing CloudFront controls.

How does Lambda@Edge function in the context of CloudFront?

It allows you to execute custom logic for manipulating requests and responses within CloudFront.

Which of the following statements is TRUE about CloudFront's security features?

CloudFront is PCI DSS compliant and supports HIPAA compliance as a HIPAA eligible service.

When would you use signed URLs in CloudFront?

To control access to your content by adding expiration dates and times.

What is the purpose of a custom error page in CloudFront?

To display a user-friendly message when an error occurs, such as a 403 Forbidden error.

What is the primary advantage of using origin failover in CloudFront?

It allows you to automatically switch to a different origin server if the primary server fails.

Which of the following statements is TRUE about CloudFront's monitoring and reporting capabilities?

CloudFront provides basic operational metrics for distributions and Lambda@Edge functions, at no extra charge.

How can you control access to content based on specific conditions using CloudFront?

By using AWS WAF and creating web access control lists (web ACLs) with specific rules.

What is the primary benefit of caching content at CloudFront's edge locations?

It ensures that all content is delivered from the closest edge location to the user, minimizing latency.

Which of the following is NOT a recommended practice for using CloudFront?

Configuring CloudFront to cache sensitive data, such as credit card information, at edge locations.

What does CloudFront use to route requests to the nearest edge location?

Geolocation of the user's IP address

Which of these is NOT a valid origin for CloudFront?

A Lambda function

What is the purpose of Regional Edge Caches in CloudFront?

To reduce the load on the origin server

Which of the following statements is TRUE about Regional Edge Caches?

They are not used for dynamic content

Which of the following statements is TRUE about CloudFront's Perfect Forward Secrecy?

It creates a new private key for each SSL session

What is the primary benefit of using a wildcard CNAME for CloudFront?

It simplifies DNS management by allowing a single CNAME to point to multiple origins

Which of the following is a feature supported by CloudFront?

Dedicated IP addresses

Which of the following is TRUE about CloudFront's edge locations?

They are not tied to specific Availability Zones or regions

Which of the following is a valid use case for CloudFront's Regional Edge Caches?

Caching frequently accessed static content, such as images and videos

Which of the following statements is TRUE about CloudFront's support for wildcard SSL certificates?

They allow you to use a single certificate for multiple subdomains within your CloudFront distribution

What must you specify when using an on-premises web server as a custom origin for CloudFront?

The DNS name, ports, and protocols

What is the minimum expiration time that can be set for objects cached in CloudFront?

0 seconds

Which type of distribution should be created for CloudFront live streaming?

Web Distribution

What is required before you can delete a CloudFront distribution?

It must be disabled first

How can you immediately revoke cached objects in CloudFront?

By using object invalidation

Which of the following methods can improve the cache hit ratio in CloudFront?

Using only GET requests

What is a key characteristic of an Origin Access Identity (OAI) in CloudFront?

It restricts access to content stored in an S3 bucket

What type of logs can S3 buckets generate when configured with CloudFront?

Request logs and access logs

What should be done to ensure CloudFront requests are logged in CloudTrail?

Update an existing trail to include global services

Which statement is true regarding the caching of dynamic content in CloudFront?

Dynamic content can be cached along with static content

What does Lambda@Edge allow you to adjust in CloudFront?

Requests and responses based on specific criteria

What role does an Origin Access Identity (OAI) play when used with CloudFront?

It restricts direct access to an S3 bucket

When should signed cookies be preferred over signed URLs?

When providing access to multiple restricted files without changing URLs

Which of the following correctly describes AWS WAF's functionality?

It allows monitoring and control of HTTP and HTTPS requests

For high availability in CloudFront, what must you configure?

At least two origins with an origin group

Which of the following is a characteristic of signed URLs?

They can carry an expiration date for access control

What is an important requirement when creating a web access control list (web ACL) for CloudFront?

Must be linked to the relevant CloudFront distribution

What is a benefit of using CloudFront's caching at edge locations?

It improves the load times by reducing latency

Which of the following is NOT typically included in the default CloudFront operational metrics?

Error response types

What should be avoided to maintain PCI DSS compliance with CloudFront?

Storing credit card information at edge locations

What is the definition of 'Total error rate' in CloudFront?

The percentage of all viewer requests for which the response’s HTTP status code is 4xx or 5xx.

Which of the following HTTP status codes is NOT included in the 'Error rate by status code' metric?

405

Which of the following is NOT a component of CloudFront's pricing model?

Requests made to CloudFront

What does 'Origin latency' measure in CloudFront?

The total time spent from when CloudFront receives a request to when it starts providing a response to the network.

Which of the following is NOT a feature of CloudFront's logging and auditing capabilities?

Providing detailed information about individual viewer requests in access logs

Which of the following statements is TRUE regarding additional metrics in CloudFront?

They must be enabled separately for each distribution.

Which of the following requests is considered cacheable in CloudFront?

HTTP GET requests for static content

What is the primary purpose of Amazon Athena in the context of CloudFront?

Analyzing access logs generated by S3 buckets

How can you ensure that CloudTrail captures CloudFront requests in its logs?

Update an existing CloudTrail trail to include global services

What is a primary benefit of using reserved capacity for CloudFront data transfer?

It reduces the overall cost of data transfer by providing a discounted rate.

What is the primary advantage of using CloudFront for content distribution?

Reducing latency and improving data transfer speeds

What is the purpose of an origin in CloudFront?

To store the original files that the CDN will distribute

What type of requests bypass Regional Edge Caches in CloudFront?

PUT/POST/PATCH/OPTIONS/DELETE requests for dynamic content

What is a characteristic of Edge Locations in CloudFront?

They are separate from AWS regions and Availability Zones

What is a benefit of using Regional Edge Caches in CloudFront?

They increase the cache width and reduce the load on origin servers

What is supported by CloudFront for SSL certificates?

Wildcard SSL certificates, Dedicated IP, Custom SSL, and SNI Custom SSL

What is a feature of CloudFront that allows for edge delivery of static content?

Edge Locations

What is the result of using Perfect Forward Secrecy in CloudFront?

It creates a new private key for each SSL session

What can be used as an origin for CloudFront?

S3 buckets, EC2 instances, Elastic Load Balancers, Route 53, and external sources

What is a benefit of using a wildcard CNAME in CloudFront?

It allows for easier domain validation

What is the default cache behavior path pattern for CloudFront?

/*

What is the minimum TTL that can be set for objects cached in CloudFront?

0 seconds

What is the primary purpose of an Origin Access Identity (OAI) in CloudFront?

To restrict access to content in an S3 bucket to only CloudFront

Which of the following methods can be used to restrict access to content in CloudFront?

All of the above

Which of the following services can be used to analyze S3 access logs?

Amazon Athena

What is the default cache behavior for CloudFront?

Only GET requests are cached

What is the primary benefit of using a wildcard CNAME for CloudFront?

It simplifies configuration by allowing a single CNAME to be used for all distributions

What is the purpose of Lambda@Edge in CloudFront?

To run custom code at CloudFront edge locations

How can you improve the cache hit ratio in CloudFront?

All of the above

Which of the following is a valid use case for CloudFront's signed URLs?

Providing access to protected content for a limited duration

What is the maximum TTL that can be set for objects cached in CloudFront?

1 year

What is the primary function of an Origin Access Identity (OAI) in CloudFront?

Restricting direct access to an Amazon S3 bucket while allowing CloudFront to access it

Which of these statements accurately describes how CloudFront's domain names are typically structured?

CloudFront creates a domain name like a232323.cloudfront.net and allows users to add custom domain names

What is the primary purpose of CloudFront's Regional Edge Caches?

Providing a way to cache content at edge locations closer to viewers to reduce latency

In the context of CloudFront, what is the purpose of a cache behavior?

Defining how CloudFront should respond to requests for a specific set of objects

How can you use Lambda@Edge to improve the performance of your CloudFront distribution?

By dynamically modifying the content being delivered based on user-specific criteria

Which of the following statements is TRUE about CloudFront's integration with AWS WAF?

AWS WAF can be used to restrict access to content based on conditions defined in a web ACL

What is the main purpose of the 'Bytes uploaded' metric in CloudFront?

Tracking the number of bytes that viewers have uploaded to the origin using POST and PUT requests

Which of the following is a recommended practice for using CloudFront?

Leveraging CloudFront's features to minimize the load on the origin server and improve content delivery performance

What is the primary benefit of using origin failover in CloudFront?

Increasing the availability of your content by routing requests to a backup origin server if the primary origin fails

What is the definition of the 4xx error rate?

The percentage of all requests that receive a status code between 400 and 499.

How is the total error rate calculated?

By summing the 4xx and 5xx error rates.

Which requests are considered cacheable in CloudFront?

Only GET and HEAD requests.

What does 'origin latency' refer to in CloudFront?

The time taken from receiving a request to starting a response to the origin.

Which of the following statements about logging in S3 buckets is true?

Access logs can track all requests made to the S3 bucket.

How can CloudTrail assist with logging in relation to CloudFront?

It captures information about all requests regardless of how they were made.

What are the available error codes tracked by the 'error rate by status code' metric?

400, 401, 403, 404

Which metric must be enabled for each CloudFront distribution for an additional cost?

Cache hit rate.

What is the primary function of reserved capacity in CloudFront?

It provides discounts for long-term data transfers.

What is the significance of updating a CloudTrail trail to include global services?

To enable logging for requests made to multiple AWS services.

Study Notes

Overview of Amazon CloudFront

• CloudFront is a web service for distributing content quickly and efficiently with low latency.
• Suitable for static content like images, videos, and software downloads, as well as dynamic and interactive content.
• Global service with automatic routing to the nearest edge location.

Edge Locations and Caching

• Edge locations cache content independently of AWS regions and Availability Zones.
• Requests are routed to the closest edge location for optimal performance.
• Regional Edge Caches act as larger caches situated between origin servers and edge locations, prolonging cache retention time.
• Dynamic content is fetched directly from the origin, bypassing regional edge caches.

Origins

• Origins are sources of content to be distributed, including Amazon S3, EC2 instances, and external servers.
• Amazon S3 buckets must be private by default, but access control allows objects to be publicly available or restrict access using signed URLs.
• Custom origins can be on-premises or non-AWS servers, requiring configuration of DNS names, ports, and protocols.

Distributions

• Distributions are required to deliver content via CloudFront and include various configurations.
• Two main types of distributions: Web Distribution for live streaming and media delivery.
• S3 buckets can log requests for analysis using Amazon Athena and are integrated with CloudTrail for tracking.

Cache Behavior and Management

• Cache behavior settings define functionalities for specific URL path patterns, allowing customization of caching rules.
• Objects have a default Time to Live (TTL) of 24 hours, with manual adjustment and invalidation options available.
• A good cache hit ratio maximizes efficiency and reduces load on origin servers.

Security Features

• Origin Access Identity (OAI) restricts direct access to S3 buckets, ensuring content is accessed via CloudFront.
• AWS WAF shields content access based on conditions in web access control lists, delivering custom error pages when needed.
• Security compliance includes PCI DSS and HIPAA, with recommendations against caching sensitive data.

Domain Management

• CloudFront generates domain names like a232323.cloudfront.net, with options for alternate domain names using Route 53 or CNAME records.
• Origin failover ensures high availability, requiring at least two origins for seamless content delivery.

Monitoring and Metrics

• Operational metrics in the CloudFront console include requests, bytes downloaded/uploaded, error rates, and cache hit ratio.
• Enhanced metrics such as origin latency and specific error rates require separate enabling and incur additional costs.

Logging and Auditing

• Access logs and cookie logs generated in S3 buckets can be analyzed with Amazon Athena.
• Integration with CloudTrail allows tracking of all requests to determine access patterns and user actions.

Cost Structure

• Charges based on data transfer, with options for reserved capacity.
• Cost-effective pricing for high data usage while not incurring fees for certain configurations or metrics.

Overview of Amazon CloudFront

• CloudFront is a web service for distributing content quickly and efficiently with low latency.
• Suitable for static content like images, videos, and software downloads, as well as dynamic and interactive content.
• Global service with automatic routing to the nearest edge location.

Edge Locations and Caching

• Edge locations cache content independently of AWS regions and Availability Zones.
• Requests are routed to the closest edge location for optimal performance.
• Regional Edge Caches act as larger caches situated between origin servers and edge locations, prolonging cache retention time.
• Dynamic content is fetched directly from the origin, bypassing regional edge caches.

Origins

• Origins are sources of content to be distributed, including Amazon S3, EC2 instances, and external servers.
• Amazon S3 buckets must be private by default, but access control allows objects to be publicly available or restrict access using signed URLs.
• Custom origins can be on-premises or non-AWS servers, requiring configuration of DNS names, ports, and protocols.

Distributions

• Distributions are required to deliver content via CloudFront and include various configurations.
• Two main types of distributions: Web Distribution for live streaming and media delivery.
• S3 buckets can log requests for analysis using Amazon Athena and are integrated with CloudTrail for tracking.

Cache Behavior and Management

• Cache behavior settings define functionalities for specific URL path patterns, allowing customization of caching rules.
• Objects have a default Time to Live (TTL) of 24 hours, with manual adjustment and invalidation options available.
• A good cache hit ratio maximizes efficiency and reduces load on origin servers.

Security Features

• Origin Access Identity (OAI) restricts direct access to S3 buckets, ensuring content is accessed via CloudFront.
• AWS WAF shields content access based on conditions in web access control lists, delivering custom error pages when needed.
• Security compliance includes PCI DSS and HIPAA, with recommendations against caching sensitive data.

Domain Management

• CloudFront generates domain names like a232323.cloudfront.net, with options for alternate domain names using Route 53 or CNAME records.
• Origin failover ensures high availability, requiring at least two origins for seamless content delivery.

Monitoring and Metrics

• Operational metrics in the CloudFront console include requests, bytes downloaded/uploaded, error rates, and cache hit ratio.
• Enhanced metrics such as origin latency and specific error rates require separate enabling and incur additional costs.

Logging and Auditing

• Access logs and cookie logs generated in S3 buckets can be analyzed with Amazon Athena.
• Integration with CloudTrail allows tracking of all requests to determine access patterns and user actions.

Cost Structure

• Charges based on data transfer, with options for reserved capacity.
• Cost-effective pricing for high data usage while not incurring fees for certain configurations or metrics.

Overview of Amazon CloudFront

• CloudFront is a web service for distributing content quickly and efficiently with low latency.
• Suitable for static content like images, videos, and software downloads, as well as dynamic and interactive content.
• Global service with automatic routing to the nearest edge location.

Edge Locations and Caching

• Edge locations cache content independently of AWS regions and Availability Zones.
• Requests are routed to the closest edge location for optimal performance.
• Regional Edge Caches act as larger caches situated between origin servers and edge locations, prolonging cache retention time.
• Dynamic content is fetched directly from the origin, bypassing regional edge caches.

Origins

• Origins are sources of content to be distributed, including Amazon S3, EC2 instances, and external servers.
• Amazon S3 buckets must be private by default, but access control allows objects to be publicly available or restrict access using signed URLs.
• Custom origins can be on-premises or non-AWS servers, requiring configuration of DNS names, ports, and protocols.

Distributions

• Distributions are required to deliver content via CloudFront and include various configurations.
• Two main types of distributions: Web Distribution for live streaming and media delivery.
• S3 buckets can log requests for analysis using Amazon Athena and are integrated with CloudTrail for tracking.

Cache Behavior and Management

• Cache behavior settings define functionalities for specific URL path patterns, allowing customization of caching rules.
• Objects have a default Time to Live (TTL) of 24 hours, with manual adjustment and invalidation options available.
• A good cache hit ratio maximizes efficiency and reduces load on origin servers.

Security Features

• Origin Access Identity (OAI) restricts direct access to S3 buckets, ensuring content is accessed via CloudFront.
• AWS WAF shields content access based on conditions in web access control lists, delivering custom error pages when needed.
• Security compliance includes PCI DSS and HIPAA, with recommendations against caching sensitive data.

Domain Management

• CloudFront generates domain names like a232323.cloudfront.net, with options for alternate domain names using Route 53 or CNAME records.
• Origin failover ensures high availability, requiring at least two origins for seamless content delivery.

Monitoring and Metrics

• Operational metrics in the CloudFront console include requests, bytes downloaded/uploaded, error rates, and cache hit ratio.
• Enhanced metrics such as origin latency and specific error rates require separate enabling and incur additional costs.

Logging and Auditing

• Access logs and cookie logs generated in S3 buckets can be analyzed with Amazon Athena.
• Integration with CloudTrail allows tracking of all requests to determine access patterns and user actions.

Cost Structure

• Charges based on data transfer, with options for reserved capacity.
• Cost-effective pricing for high data usage while not incurring fees for certain configurations or metrics.

Description

Learn about Amazon CloudFront, a web service that enables fast and efficient content distribution with low latency, suitable for various types of content.