Amazon CloudFront using Behaviors, Policies, and Functions

Introduction

Amazon CloudFront is a globally distributed content delivery network with over 150 edge locations worldwide. The service helps you cache the data at edge locations served when requested by a nearby end user. You can cache extensions like jpg, png, js, and even videos to reduce stress on your origin servers.

The CloudFront edge server provides quicker delivery at the viewer’s end. The Amazon network can decrease the number of networks consumers request to origin. As a result, it enhances performance and reduces latency for consumers. Moreover, it improves availability and dependability. We can have multiple origins from where the CloudFront induces the content into the edge locations. The location where you have saved your data is called the origin server. For example, S3 may be used to store a static website; in this situation, S3 would be referred to as the origin.

We have different types of cache policies used to control the cache behavior for static objects, we will talk about the behaviors, policies, and functions in more detail.

Freedom Month Sale — Upgrade Your Skills, Save Big!

Up to 80% OFF AWS Courses
Up to 30% OFF Microsoft Certs

Act Fast!

Steps to Cache Behavior

If you want to cache a particular extension, follow the below steps:

Navigate to your distribution and select behaviors.

cache1

2. Create a behavior pattern

cache2

3. Select viewer protocol policy allowed HTTP method as per the preference and use case

cache3

Note: As a best practice, you should keep the Default (*) path behavior as caching disabled and use caching for only the required static extensions.

Cache key policies and origin request policies

AWS recommends having a cache policy and origin request policy to control the cache behavior for the origin requests.

Let’s navigate to policies in the left-hand side pane to view more.

policy1

You may link a set of managed cache rules from CloudFront to any cache behaviors offered by your distribution. You don’t have to create or keep up with your cache policy when using a managed cache policy. The controlled policies use settings that are optimized for certain use situations.

A list of managed ache policies are

Custom Cache Policy

TTL: Using a custom policy, you can have custom TTL (Time to live settings). This works with Cache-control to control how long the CloudFront cache remains valid.

ttl

Cache key: The key settings define the values that CloudFront includes in the cache key in viewer requests. Possible values include cookies, HTTP headers, and URL query strings. The values you specify for the cache key are automatically included in the origin requests that CloudFront delivers to the origin.

cachekey

Compression: When the viewer supports it, these options allow CloudFront to request and cache compressed items using the Gzip or Brotli formats.

comp

Custom Origin Policy

The origin is contacted to get the requested item when a viewer request to CloudFront results in a cache miss (the requested object is not cached at the edge location).

Cache policies manage the cache key and are distinct from origin request policies. This division helps you retain a high ratio of cache hits while receiving more information at the origin.

By utilizing the policy, all URL query strings, HTTP headers, and cookies can be included in origin requests, as shown below:

origin

Functions

Using CloudFront Functions for large-scale, latency-sensitive CDN modifications, you can make lightweight JavaScript functions. The CloudFront Functions runtime environment is extremely secure, with startup speeds of less than one millisecond, and scalable instantly to accommodate millions of requests per second. Being a native component of CloudFront, CloudFront Functions enables you to write, test, and deploy your code directly inside of CloudFront.

We will create a function for our distribution that will fetch the client IP from the viewer to the origin as a header

Steps to create a CloudFront function

Navigate to functions under CloudFront.

func1

2. Create a new function

func2

3. Click on build and paste the function, and we have this function to request a true-client-Ip header from the CloudFront distribution.

func3

4. After adding the function, click on publish to publish the same.

func4

5. Click on add an association to add this function to your distribution.

func5

Now your origin will start receiving the true client IP as a header.

Conclusion

CloudFront is a state of art service provided by AWS, features such as multi-origin, behaviors, cache policies, origin requests policy, and functions make the service configurable and customizable.

You can start using default settings in CloudFront and gradually customize it as required. Take advantage of 150 plus edge locations worldwide, reduce your server usage, and make your front end highly available.

Freedom Month Sale — Discounts That Set You Free!

Up to 80% OFF AWS Courses
Up to 30% OFF Microsoft Certs

Act Fast!

About CloudThat

CloudThat is an award-winning company and the first in India to offer cloud training and consulting services worldwide. As a Microsoft Solutions Partner, AWS Advanced Tier Training Partner, and Google Cloud Platform Partner, CloudThat has empowered over 850,000 professionals through 600+ cloud certifications winning global recognition for its training excellence including 20 MCT Trainers in Microsoft’s Global Top 100 and an impressive 12 awards in the last 8 years. CloudThat specializes in Cloud Migration, Data Platforms, DevOps, IoT, and cutting-edge technologies like Gen AI & AI/ML. It has delivered over 500 consulting projects for 250+ organizations in 30+ countries as it continues to empower professionals and enterprises to thrive in the digital-first world.

FAQs

1. Can we view metrics in Amazon CloudFront?

ANS: – Yes, we can view the metrics such as requests, data transfer, error rates, and more.

2. Can we use CloudFront without caching or data?

ANS: – Yes, we can use the service without caching by enabling no caching behavior on the default path pattern.

3. What other services can be integrated with AWS CloudFront?

ANS: – Services such as S3, WAF, Amazon EC2, Elastic Load Balancing, and Amazon Route 53 can be integrated with CloudFront.

WRITTEN BY Akshay Mishra

Akshay Mishra works as a Subject Matter Expert at CloudThat. He is a Cloud Infrastructure & DevOps Expert and AWS Certified. Akshay is experienced in designing, securing, and managing scalable cloud infrastructure on AWS. Proven track record working with government, pharmaceutical, and financial clients in roles such as Cloud Engineer, Associate Solutions Architect, and DevOps Engineer. He is skilled in AWS infrastructure, CI/CD, Terraform, and cloud security, with certification in AWS Security – Specialty.