Where we are
Via Chambery 93/107-V 10142 – Torino
+39 011.5097366 | info@criticalcase.com
Via Industria 31/A, 6987 Caslano, Switzerland
+39 011.5097366 | info@criticalcase.com
Amazon CloudFront is a web service that accelerates the delivery of static and dynamic web content, such as image, .html, .css, and .js files, to users. CloudFront distributes your content across a worldwide network of data centers called edge locations.
When a user requests content that you distribute through Amazon CloudFront, the request is routed to the edge location that provides the lowest latency (delay), so that the content is delivered with the best possible performance.
If the content is already in the edge location with the lowest latency, Amazon CloudFront delivers it immediately.
If the content is not found at that edge location, Amazon CloudFront retrieves it from a user-defined source, such as an Amazon S3 bucket, MediaPackage channel, or HTTP server (for example, a web server).
CloudFront accelerates content delivery by routing each user request through the AWS backbone network to the edge location that can best serve the content.
This is usually a CloudFront edge server that provides the fastest delivery to the viewer. The benefits are also evident in terms of reliability and availability, as copies of your files (also known as objects) are located (or cached) in multiple edge locations around the world.
AWS CloudFront CDN acts as an intermediary between the frontend hosting and the users. With CloudFront, you can cache HTML, CSS, JavaScript, and images. Since the cache is closer to the user, the content will be delivered with minimal latency.
You can also configure CloudFront with origin failover for fallback management in scenarios that require high availability.
The biggest advantage is that AWS CloudFront natively supports Amazon S3 integration, where you can host your own frontend artifacts. You can also host your frontend anywhere else and continue serving it through AWS CloudFront.
It is always useful to invalidate the cache when doing a new deployment to prevent browsers from retrieving old versions of files from the cache. AWS CloudFront now supports fast cache invalidation, allowing you to instantly deploy updates to your SPA while having the benefit of CDN caching.
Note: As a procedure, you can invalidate only the files that have changed in the distribution. For example, if you are using Webpack with the default configuration, it is enough to invalidate index.html, as any modified JS and CSS will have new file names.
You can also use AWS Amplify to simplify cache deployments and invalidations with built-in optimizations.
If you are using an Amazon S3 bucket as the source for a CloudFront distribution, it is essential to restrict public access to S3.
Restricting access prevents someone from bypassing CloudFront and accessing content you want to keep safe via the Amazon S3 URL.
You may wonder why this matters, since frontend assets are meant to be public. The reason is that publishing via AWS CloudFront gives you more control, in that
Lambda@Edge allows you to intercept HTTP requests that go through CloudFront. These functions run in CloudFront edge locations closer to the user, making it faster to respond to or act on content in transit.
Some common use cases of Lambda@Edge are:
If you need to learn more about Lambda@Edge, you can consult the documentation provided by AWS.
Note: If your needs are simple, such as using hashless URLs only, there is a simpler approach. Since the goal is to serve index.html even when a user goes directly to a path, we can set up CloudFront error handling to serve index.html if S3 returns the “resource not found” error with the error code 404.
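The Lambda@Edge counterpart to the error-handling shortcut in the note above, as an added example that is not part of the original page: an origin-request handler in Python that serves index.html for hashless SPA routes. The event is a constructed sample trimmed to the fields the handler reads, and treating a final path segment that contains a dot as a static asset is an assumption.

```python
# Assumption: a last path segment containing a dot is a static asset.
SPA_ENTRY = "/index.html"


def make_event(uri, method="GET"):
    """Constructed origin-request event, trimmed to the fields the handler reads."""
    return {"Records": [{"cf": {"request": {"method": method, "uri": uri,
                                            "querystring": "", "headers": {}}}}]}


def is_spa_route(uri):
    """True for paths such as /orders/42 that have no file on the origin."""
    last_segment = uri.rstrip("/").rsplit("/", 1)[-1]
    return "." not in last_segment


def handler(event, context):
    """Origin-request trigger: rewrite hashless SPA routes to index.html.

    Returning the request object tells CloudFront to continue to the origin
    with the (possibly rewritten) URI; the viewer's URL is not changed.
    """
    request = event["Records"][0]["cf"]["request"]
    # Only navigations are rewritten; other methods pass through untouched.
    if request["method"] in ("GET", "HEAD") and is_spa_route(request["uri"]):
        request["uri"] = SPA_ENTRY
    return request


if __name__ == "__main__":
    for path in ("/orders/42", "/static/app.3f9a.js", "/"):
        print(path, "->", handler(make_event(path), None)["uri"])
```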
Another best practice I encourage you to follow is using a compression method. With AWS CloudFront, you can serve your applications using Brotli or GZip and dramatically reduce your content download time.
Faster downloads, especially for JavaScript and CSS files, can result in faster rendering of your SPA.
Also, because CloudFront’s data transfer costs are based on the total amount of data served, serving compressed files is less expensive than serving uncompressed files.
Brotli is a widely used lossless compression algorithm that often outperforms Gzip in terms of compression ratio. Compared to Gzip, CloudFront’s Brotli edge compression results in files up to 24% smaller.
Compression capabilities can be enabled through the CloudFront console, SDK, and command line interface. EnableAcceptEncodingGzip must be set to true to return Gzip compressed objects and EnableAcceptEncodingBrotli to true to return Brotli compressed objects. CloudFront will use Brotli when the viewer supports both formats.
The Chrome and Firefox web browsers support Brotli compression only when the request is sent over HTTPS. Brotli is not supported with HTTP requests in these browsers.
When performing a new deployment, you can invalidate files or assign them versioned file names to control the versions of files served by the distribution. If you frequently update your files, we recommend that you use file versioning.
Versioning gives you better control over the content provided by CloudFront.
Versioning makes it easy to analyze the effects of file changes because CloudFront access logs include file names.
Versioning allows you to offer different versions of files to different users.
Versioning makes it easy to roll back and forth between file revisions.
The cost of versioning is lower. You still have to pay CloudFront to transfer new versions of your files to edge locations, but you don’t have to pay to invalidate the files.
slider_v1.js and image_v1.jpg are examples of versioned file names that you can use.
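The invalidation note earlier on the page and the versioning advice above combine into one deployment step, shown here as an added example that is not part of the original page: compare two releases and invalidate only the paths whose name stayed the same while their content changed. The manifests are constructed samples; `invalidation_batch` builds the `InvalidationBatch` argument of boto3's `create_invalidation` without calling AWS.

```python
import hashlib


def digest(data):
    """Content hash used to tell whether a file changed between releases."""
    return hashlib.sha256(data).hexdigest()


# Constructed manifests (path -> content hash) for two consecutive releases.
PREVIOUS = {
    "/index.html": digest(b"<script src=/slider_v1.js></script>"),
    "/slider_v1.js": digest(b"slider, first release"),
    "/image_v1.jpg": digest(b"jpeg bytes"),
}
CURRENT = {
    "/index.html": digest(b"<script src=/slider_v2.js></script>"),
    "/slider_v1.js": digest(b"slider, first release"),   # kept for rollback
    "/slider_v2.js": digest(b"slider, second release"),  # new versioned name
    "/image_v1.jpg": digest(b"jpeg bytes"),
}


def paths_to_invalidate(previous, current):
    """Paths whose name is unchanged but whose content differs.

    A new versioned name has never been cached, so it needs no invalidation.
    A versioned name that was reused with different bytes is reported too.
    """
    return sorted(p for p, h in current.items()
                  if p in previous and previous[p] != h)


def invalidation_batch(paths, caller_reference):
    """Build the InvalidationBatch argument of boto3's create_invalidation."""
    return {"Paths": {"Quantity": len(paths), "Items": list(paths)},
            "CallerReference": caller_reference}


if __name__ == "__main__":
    stale = paths_to_invalidate(PREVIOUS, CURRENT)
    print(invalidation_batch(stale, "release-2"))
```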
CriticalCase, as an AWS partner, has developed strong expertise in implementing AWS WAF in different contexts. Thanks to years of experience gained on multiple projects, we have developed a series of best practices aimed at installing, configuring and maintaining AWS WAF in the most correct and appropriate way for the customer context. These activities cover the implementation and management of:
ElasticSearch Kibana dashboard for WAF monitoring
Over the years, we have had the opportunity to support our customers with our AWS WAF solutions, applying them in the most diverse contexts, including e-commerce, websites and web applications of various kinds.
Architecture of the WAF solution
You can centrally configure and manage AWS WAF deployments across multiple AWS accounts using AWS Firewall Manager. When you create new resources, you can ensure that they comply with a set of security rules. Firewall Manager performs automatic audits and notifies the security team when a policy violation occurs, allowing them to respond and act promptly. For more information on Firewall Manager visit the product website.
As with all AWS services, AWS CloudFront pricing is public and clear: https://aws.amazon.com/it/cloudfront/pricing/
The advice we always give to our customers is to contact CriticalCase both for the initial “price planning” activities and for the purchase of the service, since as an AWS Partner specialized in this competence, we are able to bring to the Customer: