SAA - C03 Certification: CloudFront

UpdatedNovember 26, 2024

•2 min read

I am a dedicated software engineer with a deep passion for security and a commitment to developing robust and scalable solutions. With over three years of hands-on experience in the .NET ecosystem, I have built, maintained, and optimized various software applications, demonstrating my ability to adapt to diverse project needs. In addition to my expertise in .NET, I have six months of specialized experience working with Spring Boot and ReactJS, further broadening my skill set to include full-stack development and modern web technologies. My professional journey includes deploying small to medium-sized systems to cloud platforms and on-premises environments, where I have ensured reliability, scalability, and efficient resource utilization. This combination of skills and experience reflects my versatility and commitment to staying at the forefront of the ever-evolving tech landscape.

Part of seriesSAA-C03 Certification

Origins

S3 bucket

CloudFront can be used as an ingress (to upload files to S3)

Custom Origin (HTTP)

Application Load Balancer
EC2 Instance
S3 website (must first enable the bucket as a static s3 website)
Any HTTP backend you want

The difference between CloudFront and S3 Cross Region Replication

CloudFront	S3 Cross Region Replication
Global network edge	Must be set for each region you wish replication to happen
Files are cached for a TTL	Files are updated in near real-time
Read Only
Great for static content that must be available everywhere	Great for dynamic content that needs to be available at low latency in a few regions

Price Classes

You can reduce the number of edge locations for cost reduction

Three price classes:

Price Class All: all regions - best performance
Price Class 200: most regions
Price Class 100: only the least expensive region

Cache Invalidations

If you update the back-end origins, CloudFront does not know about it and will only get the refreshed content after the expired TTL

However, you can force an entire or partial cache refresh by performing a CloudFront Invalidation

You can invalidate all files (*) or a special path (/images/*)

AWS Global Accelerator

Leverage the AWS internal network to route your application

2 Anycast IPs are created for your application

The Anycast IP sends traffic directly to Edge Locations

The Edge locations send the traffic to your application

Works with Elastic IP, EC2, ALB, NLB, public or private

Unicast vs Anycast IP

Unicast IP: one server holds one IP address

Anycast IP: all servers hold the same IP address and the client is routed to the nearest one

#aws

7 views

Comments

Join the discussion

No comments yet. Be the first to comment.

SAA-C03 Certification

Part 14 of 18

The purpose of this series is to document comprehensive notes in preparation for the AWS Solution Architect Associate Certification.

Up next

SAA - C03 Certification: S3

Security User-based IAM policies Resource-based Bucket policies Object/Bucket ACL (can be disabled) Bucket Policies JSON-based policies Resources: buckets and objects Effect: Allow / Deny Actions: Set of APIs to Allow or Deny Principal...

More from this blog

How to daily back up PostgreSQL into S3

Create a shell bash file as shown below #!/bin/bash # Directory containing temporary backup files BACKUP_DIR="~/temp_backup" # Format for backup file names (Ex: bk_2025-03-01.tar) FILE_NAME="bk_$(date +%Y-%m-%d).tar" FILE_PATH="$BACKUP_DIR/$FILE_NAM...

Mar 1, 20251 min read71

How to install Redis Sentinel using Helm in K8S

Adding bitnami repo into local repo helm helm repo add bitnami https://charts.bitnami.com/bitnami helm repo ls Cloning repository Redis on bitnami to machine mkdir redis-sentinel cd ./redis-sentinel helm fetch bitnami/redis --untar Make changes to ...

Feb 19, 20251 min read109

Adding a new hostname or IP Address to K8S API Server

Retrieve the kubeadm configuration file kubectl -n kube-system get configmap kubeadm-config -o jsonpath='{.data.ClusterConfiguration}' --insecure-skip-tls-verify > kubeadm.yaml Fine-tune the configuration file apiServer: certSANs: - "10.10.10.10...

Jan 13, 20251 min read6

SAA - C03 Certification: Other Services

CloudFormation Benefits of AWS CloudFormation Infrastructure as code Cost Each resource in the stack is tagged with an identifier so you can easily see how much a stack costs Estimate the costs of resources using the CloudFormation template Savi...

Dec 3, 20244 min read12

SAA - C03 Certification: More Solution Architectures

High-Performance Computing Data Management & Transfer AWS Direct Connect: Move Gb/s of data to the cloud, over a private secure network Snowball & Snowmobile: Move PB of data to the cloud AWS DataSync: Move large amounts of data between on-premise...

Dec 2, 20242 min read8

Tuan Do's Blog

37 posts

The blog acts like a personal notebook for jotting down thoughts

Command Palette