Working with Amazon CloudFront


Web Distributions

Please note that this course has been replaced with a new course: Amazon CloudFront Design Patterns


Amazon CloudFront is a content delivery web service which integrates with other Amazon Web Services products to give you an easy way to distribute content to end users with low latency, high data transfer speeds, and no minimum usage commitments.

During this course we will cover a range of topics from an introduction to what CloudFront is, to architectural considerations, to pricing and reports. We will then do a walkthrough of creating a Web Distribution, during which we will consider security and best practices. After the creation of the Web Distribution we will start monitoring CloudFront with CloudWatch to ensure that our setup is suitable for our needs and to gather valuable information about our distribution. At the very end of this course we will provide an overview of general best practices.

In order to keep up with this course you should be familiar with the core services that AWS provides and best practices for working with the platform. If you need to get up to speed on this, you can start with the AWS Fundamentals series. This is an intermediate level course, and it is recommended that you also have some basic knowledge about CloudFront before starting, but we will present a general overview as we get started.

If you have thoughts or suggestions for this course, please contact Cloud Academy at


Welcome to the Working with Amazon CloudFront course. This is an intermediate course that will provide in-depth discussions, as well as demonstrations that you can follow along with.

Amazon CloudFront is AWS's fault-tolerant and globally scalable content delivery web service. It provides seamless integration with other Amazon Web Services products to provide an easy way to distribute content. During this lesson, we will cover a range of topics from an introduction to what CloudFront is, how it works, architectural considerations, to pricing and reports. We will then do a walkthrough covering a web distribution, and finally monitoring CloudFront with CloudWatch.

CloudFront is AWS's content delivery network that speeds up distribution of your static and dynamic content through its worldwide network of edge locations. When a user requests content that you're hosting, the request is routed back to the web server. However, if you're using CloudFront, this is routed to the closest edge location which provides the lowest latency to deliver the best performance.

Normally, we would cover what you need to do first to set up a CloudFront distribution before we talk about how it works. But as we'll be going through these steps in detail later in the course, I want to show you how it works for your end users who are accessing content.

This is very important, because a good understanding of it will inform the decisions that you need to make when setting up, from both a performance and a cost management perspective. So we have configured CloudFront, and a user now accesses your site and requests an object.

In our example HTML, there are three image files. You can see from the "img src" that these have a CloudFront URL. DNS will route these requests to the CloudFront edge location that can service the request and also provide the best performance in relation to latency. At the edge location, CloudFront will check its cache for the requested files, and if they exist in the cache it will return them immediately to the user. If, however, the files are not in the cache, it will do the following.

One, CloudFront will compare the request with the specifications in your distribution, and forward the request to the applicable origin service based on the file type. Two, the origin services will send the requested files back to the CloudFront edge location. Three, as soon as the edge location receives the first byte from the origin, it will start to forward those files to the user. These files will also be added to the cache in the edge location for future requests.

When an object has been in the cache for 24 hours, or whichever duration that you specify in the file headers, CloudFront will, one, forward the next request of the object to the origin to determine whether it has the latest version. Two, if it has the latest version, it will deliver it to a user. Otherwise, the origin will send the latest version to CloudFront, which will deliver that to the user, and then store the latest version in the cache.
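The request flow described above (cache check, fetch from the origin on a miss, revalidation once the TTL has passed), as an added example that is not part of the original course. The class names, outcome labels, version strings and object path are hypothetical; `invalidate` models removing an object from the edge before its TTL expires.

```python
from dataclasses import dataclass, field

DEFAULT_TTL = 24 * 3600  # the 24-hour default from the lesson, in seconds

@dataclass
class Origin:
    """Constructed stand-in for an origin: path -> (version, body)."""
    objects: dict
    fetches: int = 0  # how many requests reached the origin

    def get(self, path, cached_version=None):
        self.fetches += 1
        version, body = self.objects[path]
        # Revalidation: if the edge already holds the latest version, send no body.
        return (version, None) if version == cached_version else (version, body)

@dataclass
class EdgeLocation:
    """Hypothetical model of one edge cache; outcome labels are our own."""
    origin: Origin
    ttl: int = DEFAULT_TTL
    cache: dict = field(default_factory=dict)  # path -> (version, body, stored_at)

    def request(self, path, now):
        entry = self.cache.get(path)
        if entry is None:  # not cached: forward to the origin
            version, body = self.origin.get(path)
            outcome = "miss"
        elif now - entry[2] < self.ttl:  # still fresh: serve from the edge
            return entry[1], "hit"
        else:  # TTL passed: ask the origin whether the cached copy is current
            version, body = self.origin.get(path, cached_version=entry[0])
            outcome = "revalidated" if body is None else "refreshed"
            body = entry[1] if body is None else body
        self.cache[path] = (version, body, now)  # store for future requests
        return body, outcome

    def invalidate(self, path):
        self.cache.pop(path, None)  # remove before the TTL expires

def demo():
    path = "/images/logo.png"  # constructed sample object
    origin = Origin({path: ("v1", b"logo-v1")})
    edge = EdgeLocation(origin)
    seen = [edge.request(path, t)[1] for t in (0, 3600, DEFAULT_TTL)]
    origin.objects[path] = ("v2", b"logo-v2")  # origin content changes
    seen.append(edge.request(path, 2 * DEFAULT_TTL)[1])
    edge.invalidate(path)
    seen.append(edge.request(path, 2 * DEFAULT_TTL + 60)[1])
    return seen, origin.fetches
```

Only four of the five requests in `demo()` reach the origin, and the edge keeps serving the old version until the TTL passes or the object is invalidated, which is why TTL choice affects both cost and how long stale content stays visible.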

Pricing for CloudFront is based on data transfer out to the internet and to the origin, as well as the number of HTTP and HTTPS requests. If you are a new user to AWS, you can take advantage of the AWS Free Tier to get started with CloudFront. You will receive 50 gigabytes of data transfer out and 2 million HTTP and HTTPS requests each month. When looking at how you would determine your total cost for CloudFront, you need to consider the origin, which is the location of the objects that you want to be cached by CloudFront. We'll cover origins later in the course, but if you store them in Amazon S3 you'll be billed the normal Amazon S3 storage charges. But transfers from Amazon S3 to CloudFront are free.

Next is the serving of the objects from the edge locations. You'll incur charges when CloudFront responds to requests, and these prices vary across geographic regions. The latest prices are shown in this table. Finally, there is submitting data to your origin, which is where users transfer data to your origin. This includes DELETE, OPTIONS, PATCH, POST, and PUT requests. These prices also vary across geographic regions, and the latest prices are shown in this table. This covers the data transfer portion of the billing. Next are the HTTP and HTTPS requests, which are billed per 10,000 requests. These prices vary across geographic regions, with the latest prices shown in this table.

There are additional components specific to CloudFront that you need to be aware of from a pricing perspective. The first of these is invalidation requests. There is no additional charge for the first 1,000 paths requested for invalidation each month, and thereafter you're charged at $0.005 per path requested for invalidation. So what is an invalidation request? It's a feature that enables you to remove files from all edge locations prior to the expiration date, also known as a TTL, that is set on the files. The next is SSL, which lets you deliver content over HTTPS using your own domain name and your own SSL Certificate. You have two options for SSL, with the first being SNI, Server Name Indication, a custom SSL which relies on the TLS protocol and allows multiple domains to serve SSL over the same IP address.

There are no upfront or monthly fees for certificate management, outside the normal CloudFront rates for data transfer and HTTPS requests. Please note that if you have users who will access your content with older browsers, they may have trouble if, as is often the case, they don't support SNI. In this case, you would use a dedicated IP custom SSL, so that CloudFront allocates dedicated IP addresses to serve your content at each edge location. Pricing for this is a fixed monthly fee of $600 for each custom SSL Certificate you associate with your CloudFront distributions. This fee is prorated on a per-hour basis, so if you signed up at the end of the billing cycle you would only pay for the time that you used it.

Choosing a price class is an option that can lower the total price by limiting the edge locations. There are three price classes: Price Class All, which is all edge locations; Price Class 200, which is edge locations in the U.S., EU, Asia, and Japan; and Price Class 100, which is edge locations in the U.S. and EU only.

One last thing on pricing: there is reserved capacity pricing, which requires you to commit to a minimum monthly usage level for at least 12 months. The agreements begin at a minimum of 10 terabytes of data transfer per month from a single region. There are significant discounts available if you will be a heavy user. To find out more about this, you will need to contact AWS.

At this point, we're going to only briefly touch on reports, as we will come back and look at them in greater detail after we have created our distributions. This way, we'll have some actual data to do the work with. There is a wealth of information in this section that can be used to optimize the content that we deliver, and to understand the behavior of our users. This reminds me of a quote from statistics by W. Edwards Deming, "In God we trust. All others must bring data."

There are five key reports. CloudFront Cache Statistics displays information related to the edge locations for the last 60 days, with data points ranging from every hour to every day. CloudFront Popular Objects lists the 50 most popular objects and statistics about these objects, ranging from the number of requests, hits, and misses, and repeat downloads and requests by HTTPS status codes. The CloudFront Top Referrers Report lists the top 25 referrers, including the number of requests from each referrer. CloudFront Usage Reports provides information about the number of requests, data transferred by protocol, and by destination. The CloudFront Viewers Report provides information about the type of device users use to access your content, browser, operating system, and location. As mentioned previously, we will revisit these later in the course after we have created our distribution, so that we'll have some actual data for viewing.

About the Author

David's acknowledged hands-on experience in the IT industry has seen him speak at international conferences, operate in presales environments and conduct actual design and delivery services.

David also has extensive experience in delivery operations. David has worked in the financial, mining, state government, federal government and public sectors across Asia Pacific and the US.