Amazon CloudFront
A global CDN service that delivers content with low latency from over 450 edge locations worldwide
Overview
Amazon CloudFront is a content delivery network (CDN) service that delivers web sites, APIs, video, and static files to end users with low latency through a globally distributed network of over 450 edge locations (PoPs). It caches content from origin servers (S3, EC2, ALB, custom origins, etc.) at edge locations and serves it from the edge closest to the user, dramatically reducing response times. Lambda@Edge and CloudFront Functions let you run request/response processing at edge locations, enabling A/B testing, URL rewrites, and header manipulation without placing load on the origin. AWS Shield Standard provides free DDoS protection, and combining it with AWS WAF further strengthens web application security.
Cache Policy and TTL Design
Designing an effective caching strategy is critical to maximizing CloudFront performance. Cache policies let you configure TTL (Time to Live) settings, select which headers, query strings, and cookies to include in the cache key, and enable compression (Gzip, Brotli). For static content (images, CSS, JS), the best practice is to set a long TTL (e.g., 1 year) and manage cache invalidation by including a hash in the filename (versioning). For dynamic content (API responses), either disable caching or set a short TTL. Origin request policies let you control which headers and query strings are forwarded to the origin independently of the cache key, improving cache hit rates while still passing necessary information to the origin. Enabling Origin Shield adds a caching layer in front of the regional edge cache, further reducing requests to the origin. In contrast, Azure CDN lets you choose from multiple providers (Akamai, Verizon, Microsoft), but CloudFront's tight integration with S3 origins - including free data transfer from S3 - often results in lower total cost for AWS-native architectures.
Choosing Between Lambda@Edge and CloudFront Functions
CloudFront provides two edge computing options for request/response processing. Lambda@Edge supports Node.js and Python with up to 30 seconds of execution time, making it suitable for complex processing such as A/B testing, dynamic origin selection, and authentication logic. CloudFront Functions support JavaScript only but execute in under 1 millisecond at a fraction of the cost, making them ideal for lightweight tasks like URL rewrites, header manipulation, and simple redirects. The key decision factor is complexity: use CloudFront Functions for stateless transformations that require no network calls, and Lambda@Edge when you need external API access, longer execution time, or multi-language support. In practice, most production setups use both - CloudFront Functions for high-volume simple operations and Lambda@Edge for the subset of requests requiring heavier processing. To learn Amazon CloudFront from basics to advanced topics, books (Amazon) offer a structured approach.
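As an added illustration of the CloudFront Functions side of this split (example code written here, not AWS's own or any project's), a viewer-request function that does two of the lightweight jobs named above: it rewrites directory-style URIs to the index document an S3 origin stores, and it strips tracking query parameters while sorting the rest so that marketing links do not fragment the cache key discussed in the previous section. The tracking-parameter list and the index.html convention are assumptions.

```javascript
// Viewer-request CloudFront Function (JavaScript runtime syntax; the entry
// point must be named handler). Hypothetical parameter list and index.html
// convention, written as an example for this page.

// Query parameters that never change the response body. Dropping them keeps
// the cache key small, so /page?utm_source=mail and /page share one object.
var TRACKING_PARAMS = ['utm_source', 'utm_medium', 'utm_campaign',
                       'utm_term', 'utm_content', 'fbclid', 'gclid'];

// Return a copy of the querystring object without tracking parameters, with
// the remaining keys sorted so ?b=1&a=2 and ?a=2&b=1 share a cache key.
function normalizeQuerystring(querystring) {
  var kept = {};
  Object.keys(querystring).sort().forEach(function (name) {
    if (TRACKING_PARAMS.indexOf(name.toLowerCase()) === -1) {
      kept[name] = querystring[name];
    }
  });
  return kept;
}

// Map directory-style URIs to the index document the S3 origin stores.
function rewriteUri(uri) {
  if (uri.endsWith('/')) {
    return uri + 'index.html';        // /docs/  -> /docs/index.html
  }
  if (uri.indexOf('.') === -1) {
    return uri + '/index.html';       // /docs   -> /docs/index.html
  }
  return uri;                         // /app.3f2a.js is left untouched
}

function handler(event) {
  var request = event.request;
  request.uri = rewriteUri(request.uri);
  request.querystring = normalizeQuerystring(request.querystring);
  return request;                     // continue to cache lookup or origin
}
```

The function only shapes the incoming request; which query strings actually enter the cache key is still decided by the distribution's cache policy, so the parameters you keep here must also be allowed there for the normalization to raise the hit ratio.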
Security and Cost Structure
CloudFront integrates with AWS Shield Standard (free) for automatic DDoS protection and can be combined with AWS WAF for application-layer security including rate limiting, geo-blocking, and bot mitigation. For HTTPS, you can attach ACM (AWS Certificate Manager) certificates at no additional cost, and enforce HTTPS-only connections via viewer protocol policies. On the cost side, CloudFront pricing is based on data transfer out, HTTP/HTTPS request counts, and optional features like Lambda@Edge invocations. The free tier includes 1 TB of data transfer and 10 million HTTP/HTTPS requests per month for the first 12 months. A key cost advantage is that data transfer from S3 origins to CloudFront is free, which significantly reduces costs compared to serving directly from S3. For high-traffic sites, Reserved Capacity pricing offers discounts of up to 30-40% in exchange for a minimum monthly commitment. Monitoring cache hit ratios through CloudFront's real-time metrics helps identify optimization opportunities - a low hit ratio often indicates overly specific cache keys that should be simplified.