AWS Webcast - Best Practices for Content Delivery using Amazon CloudFront
Best Practices for Content Delivery using Amazon CloudFront
Nihar Bihani, Principal Product Manager, Amazon Web Services
March 17, 2015
Agenda
Amazon CloudFront: Quick Overview
Best Practices for Whole Website Delivery
Q&A
@cloudfront
Our growing global footprint…
[Figure: regions North America, South America, EMEA, APAC; labels POPs, Cities, Countries, Continents; legend AWS Region, CloudFront Edge Location]
We have been busy building features…
[Timeline figure, Dec 13 to Mar 15]
• Second Edge Location in Seoul, Korea
• Smooth Streaming Support
• SSL SNI Support
• HTTP to HTTPS Redirect
• CloudFront Usage Charts
• EDNS-Client-Subnet Support
• Free Tier
• AWS CloudTrail Support
• Device Detection, Geo Targeting, Host Header Forwarding, and CORS Support
• Edge Location in Melbourne
• Advanced SSL features: Session Tickets, OCSP Stapling and Perfect Forward Secrecy
• Support for Wildcard cookies
• OPTIONS caching
• 5 Cache Stat Reports
• Popular Objects Report
• More Timely CloudFront Access Logs
• Price Drop
• Directory path as Origin Name
• Locations, Browsers, OS and Top Referrers
• Signed Cookies
• Smart TV Detection
Amazon CloudFront: What’s New?
http://aws.amazon.com/cloudfront/whats-new/
Amazon CloudFront: Whole Site Delivery
[Figure labels: Static, Dynamic, Video, User Input, SSL]
A typical web application has…
Static Assets
Dynamic Content
Streaming Media
Static Assets
What are Static Assets?
Content is static: Images, JS, CSS, Fonts, Software
It can be distributed to more than one user
The state of the object doesn't change for seconds, minutes, hours, …
Caching is a way to serve static content to more than one user
#1. Use Amazon S3 for Static Assets
Free data transfer from Amazon S3 to CloudFront
Decrease load on web server
Highly available & scalable
#2. Control Access to Content on Amazon S3
Origin Access Identity (OAI)
Content can be accessed ONLY via CloudFront
Why use OAI?
• Ensures content is not leaking
• S3 URLs not being used anywhere
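One way to check that a bucket really is reachable only through CloudFront, as an added example that is not part of the webcast: a Python audit that lists every principal other than an Origin Access Identity that a bucket policy allows to read objects. The bucket name, OAI ID and both policies are constructed for illustration.

```python
import json

# ARN form S3 uses for a CloudFront Origin Access Identity principal.
OAI_PREFIX = "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity "
READ_ACTIONS = {"s3:getobject", "s3:*", "*"}


def as_list(value):
    """Policy fields may hold one string or a list of strings."""
    return value if isinstance(value, list) else [value]


def principals(statement):
    """Flatten the Principal element into a list of principal strings."""
    principal = statement.get("Principal", {})
    if isinstance(principal, str):          # "Principal": "*"
        return [principal]
    return [p for values in principal.values() for p in as_list(values)]


def audit_bucket_policy(policy_json):
    """Return (Sid, principal) for every non-OAI principal allowed to read objects.

    Only the ARN form of an OAI is recognised; Condition blocks and object
    ACLs are not examined here.
    """
    findings = []
    for stmt in as_list(json.loads(policy_json).get("Statement", [])):
        actions = {a.lower() for a in as_list(stmt.get("Action", []))}
        if stmt.get("Effect") != "Allow" or not actions & READ_ACTIONS:
            continue
        for who in principals(stmt):
            if not who.startswith(OAI_PREFIX):
                findings.append((stmt.get("Sid", "<no Sid>"), who))
    return findings


# Constructed policies for a hypothetical bucket and OAI ID.
OAI_READ = {
    "Sid": "CloudFrontOnly", "Effect": "Allow",
    "Principal": {"AWS": OAI_PREFIX + "E2EXAMPLEOAI"},
    "Action": "s3:GetObject",
    "Resource": "arn:aws:s3:::example-static-assets/*",
}
PUBLIC_READ = dict(OAI_READ, Sid="PublicRead", Principal="*")
LOCKED_DOWN = json.dumps({"Version": "2012-10-17", "Statement": [OAI_READ]})
LEAKY = json.dumps({"Version": "2012-10-17", "Statement": [OAI_READ, PUBLIC_READ]})

if __name__ == "__main__":
    print(audit_bucket_policy(LOCKED_DOWN))  # no findings
    print(audit_bucket_policy(LEAKY))        # the PublicRead statement
```

A policy that still carries a public-read statement next to the OAI statement leaves the S3 URL usable, which is the leak the slide warns about.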
#3. Control Access to Content on CloudFront
Amazon CloudFront Private Content (paid subscribers, premium customers, etc.)
Signed URLs or Signed Cookies
When to use?
• Signed URLs: Marketing email
• Signed Cookies: Streaming, whole site authentication
#4. Cache at Every Layer: Browser Caching
Set max-age or expiry date in your headers (e.g. Cache-Control: max-age=3600)
HTML5 application cache
Helps eliminate network latency
But… browser cache size is limited (e.g. IE is 8-50M, Chrome is < 80M, Firefox is 50MB, etc.)
#5. Cache at Every Layer: Edge Caching
Set High TTLs for intermediary caches (e.g. Cache-Control: max-age=3600, s-maxage=86400)
Don’t forward Headers, Query Strings or Cookies
Note: You do need to forward the relevant headers if you’re doing CORS
In other words, use CloudFront defaults
#6. Version Your Objects
Versioning allows for easy updates and roll backs
Use file name or query string to version; no additional API calls are needed
Set High TTLs on objects that change infrequently
Each version is treated as a unique object in the browser cache
Dynamic Content
What is Dynamic Content?
Content unique to every request (Example: /index.php)
Content changes frequently (seconds, minutes), but NOT unique for every request (Example: weather updates, API, etc.)
Content changes based on end user request (query string, cookies, headers) (Example: mobile vs. desktop users, search keywords in query string, etc.)
#7. Cache Everything Possible
CloudFront supports TTLs as low as 0 seconds, no-cache, no-store, etc.
Most content can be cached, even if it is for a few seconds
Benefits of setting a low TTL
• CloudFront supports “If-Modified-Since” and “If-None-Match” when object in the cache has expired
• CloudFront will serve stale content if origin is unavailable and object is in cache
• Helps you offload your origin load
Cache Everything Possible.. Cont'd
Top 50 objects: CloudFront Popular Objects Report
Find content that can be cached for any period of time: hours, minutes or seconds
#8. Use Multiple Cache Behaviors
ONLY forward required headers
• Example: don’t forward cookies for /images
Avoid forwarding the User-Agent header
• Instead use the Is-Mobile-Viewer, Is-Tablet-Viewer, Is-Desktop-Viewer, or Is-SmartTV-Viewer header values
Avoid forwarding ALL cookies
• Instead, forward only the select cookies that you use to vary your content
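Why the forwarding choices above matter, as an added example that is not part of the webcast: a small Python model in which every forwarded cookie or header value becomes part of the cache key, replayed over constructed traffic. The `cache_key` and `hit_ratio` helpers and the request data are hypothetical and model the principle only, not CloudFront's internals; `CloudFront-Is-Mobile-Viewer` is the full name of the device header the slide abbreviates.

```python
def cache_key(path, cookies, headers, forward_cookies, forward_headers):
    """Key = path plus only the cookie/header values the behavior forwards.

    forward_cookies is a whitelist of names, or "all" to forward every cookie.
    """
    if forward_cookies == "all":
        kept = cookies
    else:
        kept = {k: v for k, v in cookies.items() if k in forward_cookies}
    kept_headers = {k: v for k, v in headers.items() if k in forward_headers}
    return (path, tuple(sorted(kept.items())), tuple(sorted(kept_headers.items())))


def hit_ratio(requests, forward_cookies, forward_headers):
    """Replay requests through an empty cache and return hits / total."""
    cached, hits = set(), 0
    for path, cookies, headers in requests:
        key = cache_key(path, cookies, headers, forward_cookies, forward_headers)
        if key in cached:
            hits += 1
        cached.add(key)
    return hits / len(requests)


# Constructed traffic: six viewers fetch the same image, each with its own
# session cookie and User-Agent string; half of them are mobile devices.
REQUESTS = [
    ("/images/logo.png",
     {"session": f"s{i}", "lang": "en"},
     {"User-Agent": f"ExampleBrowser/{i}.0",
      "CloudFront-Is-Mobile-Viewer": "true" if i % 2 == 0 else "false"})
    for i in range(6)
]

# All cookies plus User-Agent: every request is a distinct object.
FORWARD_EVERYTHING = hit_ratio(REQUESTS, "all", {"User-Agent"})
# No cookies, device class only: two variants (mobile / not mobile).
DEVICE_CLASS_ONLY = hit_ratio(REQUESTS, set(), {"CloudFront-Is-Mobile-Viewer"})
# CloudFront defaults for static assets: one cached object.
NOTHING_FORWARDED = hit_ratio(REQUESTS, set(), set())

if __name__ == "__main__":
    print(FORWARD_EVERYTHING, DEVICE_CLASS_ONLY, NOTHING_FORWARDED)
```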
Streaming Media
What is Streaming Media?
Live Streaming (e.g. a concert)
On Demand Streaming (e.g. a recent movie)
Audio Streaming (e.g. podcasts or music)
Typically involves delivering the manifest file, media files, and player
#9. Set The Right TTLs
Manifest File
• Set Low TTL (e.g. 2 seconds)
Media Files
• High TTLs (e.g. 60 seconds)
Media Player
• Static: Store in Amazon S3 and distribute via CloudFront
• Set High TTL (e.g. 24 hours)
#10. Use HTTP Based Streaming Protocols
Use CloudFront Web distributions to deliver multi-bitrate streaming
Use CloudFront with media servers running on Amazon EC2 for live streaming (for high-availability and flexibility)
Use Fragmented streaming formats such as Smooth Streaming (native support in CloudFront), HLS, etc.
Don’t forward any headers, cookies, query strings
Use Signed Cookies instead of Signed URLs
Availability Best Practices
#11. Use Monitoring, Alarming & Notifications
Near Real-Time Monitoring & Alarming via CloudWatch
Six Metrics Available
• Requests, Bytes Downloaded, Bytes Uploaded, 4xx Error Rate, 5xx Error Rate, Total Error Rate
• No additional cost for Monitoring
• Set Alarms and Notifications
#12. Always Configure Custom Error Pages
Custom error pages help improve customer experience
Deliver error pages from Amazon S3
Set low error caching minimum TTL (e.g. 15 seconds)
#13. Design for Failure
What happens if the origin fails to respond to CloudFront?
Design for Failure …Cont’d
With Amazon Route 53 you can health check your origin
Design for Failure …Cont’d
Failures can be detected by Route 53 health checks
Design for Failure …Cont’d
The traffic shifts to the healthy instances or load balancers instead
#14. More Caching = Higher Availability
Cache everything possible!
If your origin server is unavailable and you don’t have a backup origin server, or you don’t configure custom error pages…
CloudFront will automatically serve the stale object (if object is in cache), for the duration of error caching minimum TTL
Security Best Practices
#15. Use End-to-End HTTPS
CloudFront supports HTTPS between browser and edge, as well as between edge and origin
Set match-viewer for your Origin protocol policy
Configure HTTP to HTTPS redirect for each cache behavior
[Diagram: BROWSER, EDGE, ORIGIN; Full-Bridge]
#16. Use AWS IAM and AWS CloudTrail
Create IAM users to regulate access to the Amazon CloudFront APIs (or console)
Use AWS CloudTrail to record CloudFront API call history for security analysis, resource change tracking, and compliance auditing
No additional CloudFront cost for using these services
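What the security analysis of that API history can look like, as an added example that is not part of the webcast: a Python pass over a CloudTrail log file that reports CloudFront change operations made by principals outside an approved list, plus any such call that was denied. The records, ARNs, IP addresses and the approved list are constructed; the watched operation names are real CloudFront API operations.

```python
import json

# CloudFront operations that change or remove what the distribution serves.
WATCHED_PREFIXES = (
    "UpdateDistribution", "DeleteDistribution", "CreateInvalidation",
    "UpdateCloudFrontOriginAccessIdentity", "DeleteCloudFrontOriginAccessIdentity",
)


def review_trail(records_json, approved_arns):
    """Return watched CloudFront calls that were denied or came from an
    identity that is not in approved_arns."""
    alerts = []
    for rec in json.loads(records_json).get("Records", []):
        if rec.get("eventSource") != "cloudfront.amazonaws.com":
            continue
        name = rec.get("eventName", "")
        # Prefix match so a versioned or extended operation name is still caught.
        if not name.startswith(WATCHED_PREFIXES):
            continue
        arn = rec.get("userIdentity", {}).get("arn", "<unknown>")
        failed = "errorCode" in rec
        if arn in approved_arns and not failed:
            continue
        alerts.append({"time": rec.get("eventTime"), "event": name, "who": arn,
                       "ip": rec.get("sourceIPAddress"), "failed": failed})
    return alerts


def record(time, source, name, arn, ip, error=None):
    """Build one constructed CloudTrail record with the fields used above."""
    rec = {"eventTime": time, "eventSource": source, "eventName": name,
           "userIdentity": {"arn": arn}, "sourceIPAddress": ip}
    if error:
        rec["errorCode"] = error
    return rec


# Constructed identities and events (account 111122223333 is a placeholder).
DEPLOY = "arn:aws:iam::111122223333:user/cdn-deploy"
BOB = "arn:aws:iam::111122223333:user/bob"
CF, S3 = "cloudfront.amazonaws.com", "s3.amazonaws.com"
APPROVED = {DEPLOY}
SAMPLE_TRAIL = json.dumps({"Records": [
    record("2015-03-17T10:00:00Z", CF, "UpdateDistribution", DEPLOY, "203.0.113.10"),
    record("2015-03-17T10:05:00Z", CF, "GetDistribution", BOB, "198.51.100.7"),
    record("2015-03-17T10:06:00Z", CF, "DeleteDistribution", BOB, "198.51.100.7"),
    record("2015-03-17T10:07:00Z", S3, "PutObject", BOB, "198.51.100.7"),
    record("2015-03-17T10:08:00Z", CF, "CreateInvalidation", BOB, "198.51.100.7",
           error="AccessDenied"),
]})

if __name__ == "__main__":
    for alert in review_trail(SAMPLE_TRAIL, APPROVED):
        print(alert)
```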
Performance & Cost Best Practices
#17. Multiple Options to Optimize SSL Costs
Use the *.cloudfront.net SSL certificate
Two options for Custom SSL: SNI vs. Dedicated IP
Use CloudFront Reports to identify Browser/OS Version
Seamlessly switch between SSL Options
Optimizing SSL Costs …Cont’d
SSL certificate pricing is per IAM certificate ID
You may associate a single SSL certificate with multiple distributions under the same AWS account
If you have multiple second level domains that you serve over SSL, use a single UCC certificate with all domains listed
For multiple third level domains served over SSL, use a wildcard certificate
#18. Use Price Classes to Optimize Delivery Costs
Price Class
• Price Class All – Use All Edge Locations
• Price Class 200 – Use Edge Locations in US, EU, Asia & Japan
• Price Class 100 – Use Edge Locations in US and EU ONLY
Use the more appropriate Price Class where applicable
• If your end users are primarily in the US & EU
• Use the viewer location report to determine viewer geo distribution
• Switching between Price Classes is seamless
#19. Domain Sharding
Most browsers open a limited number of parallel connections to the same domain
Shard assets over multiple domains; however it’s a balancing act
Use multiple CNAME aliases to serve content from a CloudFront distribution
Use CloudFront Wildcard CNAMEs & Use Wildcard SSL Certificate
#20. Use Route 53 ALIAS Records
Use Amazon Route 53 to route queries to your CloudFront distribution
Why use Route 53 ALIAS records?
• DNS queries to ALIAS records are free of charge
• Unlike CNAMEs, you can create an ALIAS record for your zone apex
• Using an ALIAS record results in fewer DNS lookups when resolving your CNAME to your CloudFront distribution
Analytics Best Practices
#21. Use Reports to Personalize Your Content
Geo-targeting to personalize content for your end users
How can you do that?
• Viewer reports show top countries
• Use CloudFront to detect & forward end users’ country code
#22. Turn-On Amazon CloudFront Access Logs
No additional cost for Amazon CloudFront’s logging functionality
Run additional analytics for deep dive into your usage
Request IDs included in the logs can help when working with AWS to debug an issue
Cookies & query strings may be logged even if you choose not to forward these to the origin
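Because cookies and query strings can land in the logs, a log review should look for credentials in them. An added example, not part of the webcast: a Python parser that reads the column names from the `#Fields:` header, counts edge result types, and reports which request IDs carried a sensitive-looking parameter name. The log lines are constructed and use a subset of the columns a real log carries; the parameter-name list is an assumption to adapt.

```python
import re
from collections import Counter

# Parameter names that usually carry credentials; only the name is reported,
# never the value. Cookie separators are URL-encoded in the log (";%20").
SENSITIVE = re.compile(
    r"(?:^|[&;]|%20)(token|password|passwd|session(?:id)?|api[_-]?key)=",
    re.IGNORECASE)


def parse_log(text):
    """Yield one dict per request, keyed by the names in the #Fields header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#"):
            yield dict(zip(fields, line.split("\t")))


def summarize(text):
    """Return (result-type counts, [(request id, column, parameter name)])."""
    results, exposures = Counter(), []
    for row in parse_log(text):
        results[row.get("x-edge-result-type", "-")] += 1
        for column in ("cs-uri-query", "cs(Cookie)"):
            match = SENSITIVE.search(row.get(column, "-"))
            if match:
                exposures.append(
                    (row.get("x-edge-request-id"), column, match.group(1)))
    return results, exposures


# Constructed sample: real column names, placeholder values and request IDs.
FIELDS = ("date time x-edge-location sc-bytes c-ip cs-method cs(Host) cs-uri-stem "
          "sc-status cs(Referer) cs(User-Agent) cs-uri-query cs(Cookie) "
          "x-edge-result-type x-edge-request-id")


def sample_row(stem, query, cookie, result, request_id):
    return "\t".join(["2015-03-17", "10:00:01", "SEA50", "1045", "203.0.113.10",
                      "GET", "dexample.cloudfront.net", stem, "200", "-",
                      "ExampleAgent/1.0", query, cookie, result, request_id])


SAMPLE_LOG = "\n".join([
    "#Version: 1.0",
    "#Fields: " + FIELDS,
    sample_row("/images/logo.png", "-", "-", "Hit", "REQ-ID-0001"),
    sample_row("/download", "file=report.pdf&token=abc123", "-", "Miss", "REQ-ID-0002"),
    sample_row("/account", "-", "lang=en;%20sessionid=zzz", "Miss", "REQ-ID-0003"),
    sample_row("/images/logo.png", "-", "-", "Hit", "REQ-ID-0004"),
])

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

Any hit here means the log bucket holds live credentials, so its access policy and retention need the same care as the application's own secrets.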
Join our Monthly Office Hour series
Register Here: http://aws.amazon.com/cloudfront/webinars/
| Topic | Date & Time | Link |
|---|---|---|
| March CloudFront Office Hours (Streaming) | 3/26/2015 10AM PT | Register |
| April CloudFront Office Hours (Topic TBD) | 4/15/2015 10AM PT | Register |
| May CloudFront Office Hours (Topic TBD) | 5/20/2015 10AM PT | Register |
| June CloudFront Office Hours (Topic TBD) | 6/17/2015 10AM PT | Register |
Q & A