AWS re:Invent 2024 - Amazon CloudFront: Enhancing web performance one HTTP request at a time (CDN308)

Amazon CloudFront - Powering High-Performance and Resilient Web Experiences

Table of Contents

  1. Overview of Amazon CloudFront
  2. Enhancing DNS Performance and Availability
  3. Optimizing Content Delivery with Advanced Routing
  4. Securing and Protecting Your Origin
  5. Empowering Edge Computing with CloudFront Functions and Lambda@Edge
  6. Optimizing the Origin-to-CloudFront Journey
  7. Delivering High-Scale Live Events with CloudFront
  8. Improving Last-Mile Latency with Embedded PoPs
  9. Introducing Media Quality-Aware Resiliency

Overview of Amazon CloudFront

  • Amazon CloudFront is a globally distributed Content Delivery Network (CDN) designed to deliver content with low latency, high transfer speeds, and optimal reliability.
  • CloudFront has over 700 Points of Presence (PoPs) across more than 50 countries, caching copies of content closer to end-users.
  • CloudFront routes requests through the AWS backbone network to the edge location that can best serve the content, reducing the distance the data has to travel.
  • CloudFront has also launched embedded PoPs, which are deployed directly within ISP networks, to deliver large-scale, cacheable content at high scale.

Enhancing DNS Performance and Availability

  • CloudFront DNS servers serve as the gateway to the CloudFront CDN, making them a critical first point of contact.
  • To mitigate the impact of network isolation events and seamlessly scale with increasing DNS traffic, CloudFront has expanded its DNS fleet to include AWS regions, in addition to edge locations.
  • This multi-region setup has led to a 30% reduction in DNS query latency, resulting in faster DNS resolution and more responsive user experiences.
  • CloudFront integrates custom monitoring mechanisms and third-party DNS monitoring solutions to proactively reroute traffic and ensure uninterrupted availability.

Optimizing Content Delivery with Advanced Routing

  • CloudFront's routing algorithm constantly adjusts to various factors, including network topology, customer traffic, and PoP health, to find the best path for every request.
  • The algorithm categorizes data into infrequently changing and frequently changing inputs, allowing it to adapt faster and maintain high performance even during major events.
  • CloudFront now uses EDNS-client-subnet along with latency-based and capacity-managed routing to improve the accuracy of client location, leading to more optimal routing decisions.
  • CloudFront has also introduced support for anycast IP addresses, allowing customers to use a set of dedicated IP addresses for their CloudFront distribution.

Securing and Protecting Your Origin

  • CloudFront integrates with AWS Shield to scrub inbound traffic and perform deep packet inspection to mitigate large-scale DDoS events.
  • The CloudFront team has also developed a DoS detection engine to automatically mitigate layer 7 DDoS and flash attacks directly at the CDN level.
  • This provides a layered security framework, complementing the application-specific rules in AWS WAF.

Empowering Edge Computing with CloudFront Functions and Lambda@Edge

  • CloudFront Functions are purpose-built for lightweight compute tasks that execute in milliseconds at the edge locations.
  • Lambda@Edge allows for more complex and resource-intensive workloads, such as schema validation, data transformation, and image optimization.
  • These edge computing capabilities enable customers to process requests closer to the end-users, further reducing latency.

Optimizing the Origin-to-CloudFront Journey

  • CloudFront offers origin groups for failover between primary and backup origins, ensuring high availability.
  • Origin Access Control (OAC) secures S3 buckets used as CloudFront origins, preventing direct public access.
  • VPC Origins allow customers to deliver content from applications hosted in private subnets, without any public connectivity to the VPC.
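
The OAC bullet above depends on the bucket policy granting read access only to the CloudFront service principal, pinned to one distribution. The following audit is an added example, not code from the talk or from AWS; the function name, the sample policies, the account ID, the distribution ID and the bucket name are constructed placeholders.

```javascript
// Constructed sample values: account ID, distribution ID and bucket are placeholders.
const DIST = 'arn:aws:cloudfront::111122223333:distribution/EXAMPLEID';
const GOOD = { Version: '2012-10-17', Statement: [{
  Sid: 'AllowCloudFrontOAC', Effect: 'Allow',
  Principal: { Service: 'cloudfront.amazonaws.com' },
  Action: 's3:GetObject', Resource: 'arn:aws:s3:::example-bucket/*',
  Condition: { StringEquals: { 'AWS:SourceArn': DIST } } }] };
const BAD = { Version: '2012-10-17', Statement: [
  { Sid: 'PublicRead', Effect: 'Allow', Principal: '*',
    Action: 's3:GetObject', Resource: 'arn:aws:s3:::example-bucket/*' },
  { Sid: 'AnyDistribution', Effect: 'Allow',
    Principal: { Service: 'cloudfront.amazonaws.com' },
    Action: 's3:GetObject', Resource: 'arn:aws:s3:::example-bucket/*' }] };

// Policy elements may be a single value or a list; normalise to a list.
function asArray(v) { return v === undefined ? [] : Array.isArray(v) ? v : [v]; }

// Hypothetical helper: returns a list of findings, empty when the policy
// contains only a grant pinned to the expected distribution.
function auditBucketPolicy(policy, distributionArn) {
  const findings = [];
  let oacGrant = false;
  for (const st of asArray(policy.Statement)) {
    if (st.Effect !== 'Allow') continue;
    const sid = st.Sid || '(no Sid)';
    const p = st.Principal;
    // A wildcard principal is flagged even if conditioned, for manual review.
    if (p === '*' || (p && asArray(p.AWS).includes('*'))) {
      findings.push(sid + ': wildcard principal; direct S3 access may bypass CloudFront');
      continue;
    }
    if (!p || !asArray(p.Service).includes('cloudfront.amazonaws.com')) continue;
    // The service principal is shared by every distribution in every account,
    // so the grant must be pinned to one distribution with AWS:SourceArn.
    const eq = (st.Condition || {}).StringEquals || {};
    const key = Object.keys(eq).find(k => k.toLowerCase() === 'aws:sourcearn');
    const arns = key ? asArray(eq[key]) : [];
    if (arns.length === 1 && arns[0] === distributionArn) oacGrant = true;
    else findings.push(sid + ': CloudFront grant not pinned to ' + distributionArn);
  }
  if (!oacGrant) findings.push('no OAC grant for ' + distributionArn);
  return findings;
}
```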

Delivering High-Scale Live Events with CloudFront

  • Warner Brothers Discovery has leveraged CloudFront to deliver high-profile live events, such as the Olympics and UEFA Cup, with no outages.
  • Key challenges include security, quality, and scaling concurrent events, concurrent users, and stream starts, all with 100% availability.
  • CloudFront Functions were used to validate tokens and prevent unauthorized access, achieving a 77% increase in subscription rates during the Olympics.
  • Origin Shield was employed to optimize cache offload and reduce the number of requests hitting the origin, resulting in a 99% cache offload for on-demand and 99.95% for live content.
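
Token validation at the edge, as mentioned above, can be sketched as a viewer-request handler in the CloudFront Functions event shape. This is an added example, not the code used by the customer named in the talk; the token format, the `token` query parameter, the embedded secret and the helper names are assumptions.

```javascript
const crypto = require('crypto');

// Placeholder secret (assumption); a real deployment loads it from a secret store.
const SECRET = 'constructed-demo-secret';

// Assumed token format: "<expiry-epoch-seconds>.<hex HMAC-SHA256 over 'uri:expiry'>"
function sign(uri, expiry) {
  return crypto.createHmac('sha256', SECRET).update(uri + ':' + expiry).digest('hex');
}

// Compare without early exit so timing does not reveal how many characters matched.
function safeEqual(a, b) {
  if (a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// Returns 'ok', 'malformed', 'bad-signature' or 'expired'.
function verifyToken(uri, token, nowSeconds) {
  const parts = String(token || '').split('.');
  if (parts.length !== 2 || !/^\d{1,12}$/.test(parts[0])) return 'malformed';
  const expiry = parseInt(parts[0], 10);
  // Check the signature before the expiry so unsigned input learns nothing.
  if (!safeEqual(sign(uri, expiry), parts[1])) return 'bad-signature';
  if (expiry <= nowSeconds) return 'expired';
  return 'ok';
}

function handler(event) {
  const request = event.request;
  const qs = request.querystring || {};
  const token = qs.token ? qs.token.value : '';
  const verdict = verifyToken(request.uri, token, Math.floor(Date.now() / 1000));
  if (verdict !== 'ok') {
    // Reject at the edge: the request never reaches the cache or the origin.
    return { statusCode: 401, statusDescription: 'Unauthorized',
             headers: { 'cache-control': { value: 'no-store' } } };
  }
  delete qs.token; // strip the per-viewer token so it is not forwarded upstream
  return request;
}
```

Binding the signature to the URI means a token issued for one stream cannot be replayed against another path.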

Improving Last-Mile Latency with Embedded PoPs

  • Embedded PoPs are deployed directly within ISP networks, bringing the CloudFront CDN closer to the viewers for faster content delivery.
  • Integrating Embedded PoPs can be done through HTTP redirects or by directly integrating the CloudFront SDK into the URL vending system.
  • Embedded PoPs have delivered up to 20% improvements in first-byte latency compared to requests served from regular CloudFront PoPs.

Introducing Media Quality-Aware Resiliency

  • Media Quality-Aware Resiliency (MQ) is an integration between Elemental Media Services and CloudFront that automatically selects the highest-quality video stream based on a dynamically computed quality score.
  • This allows for near-instantaneous failover between redundant video sources, ensuring the best possible viewing experience during high-stakes live events.
