Untitled Quiz

Questions and Answers

Do I need to update my alias records to enable IPv6 when using Route 53?

Yes, you can create Route 53 alias records to support both IPv4 and IPv6.

How will I be charged for my use of Amazon CloudFront?

Charges are based on Data Transfer Out, HTTP/HTTPS Requests, Invalidation Requests, and Dedicated IP Custom SSL certificates.

Are the prices for AWS services inclusive of taxes?

No, prices are exclusive of applicable taxes and duties.

How am I charged for 304 responses in Amazon CloudFront?

You will be charged for the HTTP/HTTPS request and the Data Transfer Out to Internet.

What factors influence how you are charged for Amazon CloudFront?

All of the above (D)

What can you do to lower the prices you pay to deliver content using Amazon CloudFront?

Use Price Classes (B)

Does Amazon CloudFront offer a Service Level Agreement (SLA)?

True (A)

Can I use the AWS Management Console with Amazon CloudFront?

True (A)

What tools and libraries work with Amazon CloudFront?

A variety of tools for managing the distribution and libraries for various programming languages.

Can I point my zone apex at my Amazon CloudFront distribution?

True (A)

Is regional edge cache feature enabled by default?

True (A)

How accurate is your GeoIP database?

99.8%

Is Amazon CloudFront PCI compliant?

True (A)

Is Amazon CloudFront HIPAA eligible?

True (A)

Is Amazon CloudFront SOC compliant?

True (A)

Does Amazon CloudFront cache POST responses?

False (B)

What are WebSockets?

False (B)

Does Amazon CloudFront support secured WebSockets over TLS?

True (A)

Can I deliver content over HTTPS using my own domain name?

True (A)

What is Field-Level Encryption?

False (B)

Can Amazon CloudFront protect my web applications from DDoS attacks?

Yes, using AWS Shield Standard.

What types of HTTP requests are supported by Amazon CloudFront?

All of the above (D)

What is the difference between SNI Custom SSL and Dedicated IP Custom SSL of Amazon CloudFront?

Both A and B (C)

Can I add or modify request headers forwarded to the origin?

Yes, you can configure Amazon CloudFront to add custom headers or override the value of existing headers.

How does Amazon CloudFront handle HTTP cookies?

Amazon CloudFront supports delivery of dynamic content using HTTP cookies.

How does Amazon CloudFront handle query string parameters in the URL?

A query string may be configured to be part of the cache key.

Is there a limit to the number of query parameters that can be whitelisted?

True (A)

What are the supported parameter types in Amazon CloudFront?

URI query parameters as defined in RFC3986.

Does CloudFront support gzip compression?

True (A)

What is streaming?

Streaming refers to delivering audio and video without downloading the media file prior to playback.

Does Amazon CloudFront support video-on-demand (VOD) streaming protocols?

True (A)

Can I use Amazon CloudFront if I expect usage peaks higher than 10 Gbps?

True (A)

Is there a limit to the number of distributions my Amazon CloudFront account may deliver?

Yes, for the current limit, refer to Amazon CloudFront Limits in the AWS General Reference.

What is the maximum size of a file that can be delivered through Amazon CloudFront?

20 GB.

Can I get access to request logs for content delivered through Amazon CloudFront?

True (A)

Does Amazon CloudFront offer ready-to-use reports for usage analysis?

True (A)

Can I tag my distributions?

True (A)

Can I get a history of all Amazon CloudFront API calls for auditing?

True (A)

Do you have options for monitoring and alarming metrics in real time?

True (A)

What is Lambda@Edge?

Lambda@Edge allows you to run code at global AWS edge locations without managing servers.

What events can be triggered with Amazon CloudFront?

Viewer request, viewer response, origin request, and origin response.

What is IPv6?

IPv6 is a new version of the Internet Protocol with a larger address space than IPv4.

Should I expect a change in Amazon CloudFront performance when using IPv6?

False (B)

Are there any Amazon CloudFront features that will not work with IPv6?

False (B)

If I want to use IPv6, can I use Trusted Signer URLs with IP whitelist?

False (B)

Can I disable IPv6 for all my new distributions?

True (A)

Are there any reasons why I would want to disable IPv6?

True (A)

What should I do if I enabled IPv6 for my distribution but cannot get DNS to return any IPv6 addresses?

Check if the network has IPv6 connectivity.

Study Notes

Amazon CloudFront Overview

• Amazon CloudFront has a Service Level Agreement (SLA) which provides service credits for uptime below their commitment.
• Users can manage Amazon CloudFront through the AWS Management Console without writing code, enabling low latency delivery for web content.

Tools and Libraries

• Various management tools and programming language libraries are available through the Amazon CloudFront resource center.
• Domain apex mapping (e.g., example.com) to CloudFront is done via Amazon Route 53 with Alias records, without extra charge for queries.

Regional Edge Cache

• Regional Edge Caches are strategically placed to enhance performance and reduce operational costs by keeping more content closer to end users.
• This caching layer is enabled by default in all CloudFront distributions and incurs no additional charges.

Geo Restriction and Content Control

• Geo Restriction allows content access based on the viewer's location, with 403 Forbidden status for restricted countries.
• The accuracy of the CloudFront GeoIP database is reported to be 99.8%.

Custom Error Messages and Cache Control

• Custom error messages can be configured for various HTTP errors to align with branding.
• By default, files in edge locations are checked for updates every 24 hours unless cache control headers specify otherwise.

Invalidation Requests

• Invalidation can remove files from edge locations; 3,000 invalidation requests are allowed concurrently per distribution.
• Exceeding invalidation limits will prompt an error response until existing requests are completed.

Compliance Standards

• Amazon CloudFront meets PCI DSS Merchant Level 1 compliance and is HIPAA eligible with a Business Associate Agreement (BAA).
• It complies with SOC (System & Organization Control) measures, with reports available through AWS Artifact.

HTTP and WebSocket Support

• Supported HTTP methods include GET, HEAD, POST, PUT, PATCH, DELETE, and OPTIONS.
• WebSocket protocol connections are established automatically with no additional configuration needed.

Security and Encryption

• HTTPS delivery can utilize custom domain names and SSL certificates via SNI or Dedicated IP models, with SNI available at no additional cost.
• Field-Level Encryption safeguards sensitive user data during uploads to the origin server and enhances security against internal access risks.

Content Delivery and Access Control

• CloudFront provides private content delivery with secure request signing to restrict file access.
• AWS Shield Standard is included to protect against common DDoS attacks, with AWS WAF available for custom security rules.

Header and Cookie Management

• Custom request headers can be added or modified when forwarding to the origin server for validation and request distinction.
• CloudFront can forward HTTP cookies for personalized content delivery and can log cookie values in access logs. Query string parameters can also be included in cache keys for dynamic content.### Query Parameters and Caching
• Amazon CloudFront allows specific query parameters to be used in cache keys through a whitelist feature.
• Up to 10 query parameters can be whitelisted for cache key configuration.
• Supported parameter types include URI query parameters as defined in RFC3986, specifically after the '?' character and separated by '&'.

Compression and Data Delivery

• CloudFront supports automatic gzip compression for text and binary data.
• Clients must include the Accept-Encoding: gzip header for compression to function.
• Streaming delivers audio and video without prior downloading, utilizing technologies like HLS, MPEG-DASH, HDS, and Smooth Streaming.

Video Streaming Protocols

• CloudFront supports on-demand video streaming for formats like HLS and MPEG-DASH, requiring conversion via AWS Elemental MediaConvert before being stored.
• Live streaming is also supported with services such as AWS Elemental MediaPackage and MediaStore.

Usage Limits

• Users can request higher limits for usage, accommodating over 10 Gbps or 15,000 requests per second.
• CloudFront distribution limits can be verified in the AWS service limits reference.

File Size and Logging

• The maximum file size for delivery through CloudFront is 20 GB.
• Access logs can be enabled for detailed request logging, which includes information like IP address, request time, and cache status.

Reporting Features

• CloudFront offers comprehensive reporting options to monitor cache statistics, user locations, and overall usage.
• Reporting can be accessed through the AWS Management Console.

Cost Allocation and Tagging

• Cost allocation tagging is supported to categorize and monitor spending across AWS resources.
• Tags can help group resources by various criteria such as project or application name.

API Call History and Monitoring

• AWS CloudTrail can be used to access the history of all API calls made within an account.
• Amazon CloudWatch enables real-time monitoring and alerting for performance metrics.

Lambda@Edge Functionality

• Lambda@Edge allows execution of custom code at AWS edge locations without server management.
• Code can be triggered by specific events within the CloudFront request flow, such as Viewer Request or Origin Response.

IPv6 Support

• IPv6 utilizes a larger address space than IPv4, allowing for approximately 340 trillion trillion unique addresses.
• CloudFront fully supports IPv6, ensuring no performance changes when compared to IPv4.
• Separate distributions should be used for Trusted Signer URLs with IP whitelists and to accommodate both IPv4 and IPv6 access.

Pricing Structure

• CloudFront charges based on Data Transfer Out, HTTP/HTTPS Requests, Invalidation Requests, and Dedicated IP Custom SSL certificates.
• New AWS customers receive a free usage tier for CloudFront, including 50 GB Data Transfer Out and 2 million HTTP/HTTPS requests each month for the first year.
• Data transfer from AWS origins to CloudFront is free for all AWS regions.

Tax Considerations

• Pricing for CloudFront services generally excludes applicable taxes, duties, and fees, except for specific conditions outlined for certain regions, such as Japanese Consumption Tax.### Understanding 304 Responses
• A 304 response indicates that the requested content has not changed, leading to no message body being sent.
• Charges for a 304 response include costs for the HTTP/HTTPS request and Data Transfer Out to the Internet.
• Data transfer fees are incurred due to HTTP headers, impacting overall bandwidth usage.

Amazon CloudFront Price Classes

• Price Classes allow selection of less expensive Amazon CloudFront regions to reduce delivery costs.
• By default, CloudFront uses its global network to minimize end-user latency in content delivery.
• Certain regions may incur higher costs due to elevated service fees, leading to increased charges for users in those areas.

Configuring Price Classes

• Users can configure CloudFront distributions through the AWS Management Console or Amazon CloudFront API.
• Choosing a Price Class that excludes some locations may result in higher latency for viewers in those excluded geographic areas.
• Occasionally, CloudFront may still serve from edge locations outside the selected Price Class, but charges will apply only for the least expensive option within the chosen class.

Performance Considerations

• If performance is prioritized, opting for all locations is recommended for optimal low latency.
• Customization through Price Classes provides flexibility in balancing cost and performance based on specific content delivery needs.