1 00:00:00,210 --> 00:00:01,980 ‫Now let's talk about CloudFront. 2 00:00:01,980 --> 00:00:05,010 ‫CloudFront is a content delivery network, or CDN, 3 00:00:05,010 --> 00:00:08,610 ‫so anytime you see CDN at the exam, think CloudFront. 4 00:00:08,610 --> 00:00:10,440 ‫It improves the read performance 5 00:00:10,440 --> 00:00:12,960 ‫by caching the content of your website 6 00:00:12,960 --> 00:00:14,910 ‫at the different edge locations. 7 00:00:14,910 --> 00:00:18,090 ‫And because your content is cached all around the world, 8 00:00:18,090 --> 00:00:19,650 ‫then your users all around the world 9 00:00:19,650 --> 00:00:21,180 ‫will have a lower latency, 10 00:00:21,180 --> 00:00:23,640 ‫and this will improve the user experience. 11 00:00:23,640 --> 00:00:27,900 ‫CloudFront is made of 216 points of presence globally, 12 00:00:27,900 --> 00:00:32,010 ‫which correspond to the AWS edge locations around the world. 13 00:00:32,010 --> 00:00:33,960 ‫And AWS keeps on adding locations 14 00:00:33,960 --> 00:00:37,350 ‫to improve user experience even further everywhere. 15 00:00:37,350 --> 00:00:40,770 ‫On top of it, by having the content distributed globally 16 00:00:40,770 --> 00:00:42,810 ‫we are getting DDoS protection. 17 00:00:42,810 --> 00:00:44,670 ‫So DDoS is a sort of attack 18 00:00:44,670 --> 00:00:46,350 ‫where all your servers around the world 19 00:00:46,350 --> 00:00:47,580 ‫are getting attacked at the same time, 20 00:00:47,580 --> 00:00:49,500 ‫we'll see this later on in this course, 21 00:00:49,500 --> 00:00:50,610 ‫and the idea is that CloudFront 22 00:00:50,610 --> 00:00:52,740 ‫because your application is worldwide, 23 00:00:52,740 --> 00:00:54,630 ‫then you're protected against these attacks, 24 00:00:54,630 --> 00:00:56,520 ‫also using something called Shield 25 00:00:56,520 --> 00:00:58,170 ‫and Web Application Firewall, 26 00:00:58,170 --> 00:01:00,570 ‫that we will be seeing in the security section. 27 00:01:00,570 --> 00:01:03,300 ‫So if we wanted to look at a map of the world, 28 00:01:03,300 --> 00:01:06,330 ‫these are the map and we see some edge locations 29 00:01:06,330 --> 00:01:07,800 ‫as well at edge caches. 30 00:01:07,800 --> 00:01:10,590 ‫And so say we had created an S3 bucket and a website 31 00:01:10,590 --> 00:01:13,020 ‫on our S3 bucket in Australia, 32 00:01:13,020 --> 00:01:15,690 ‫but we had a user maybe in America, 33 00:01:15,690 --> 00:01:16,830 ‫then what the user will do 34 00:01:16,830 --> 00:01:18,600 ‫is that it will request the content 35 00:01:18,600 --> 00:01:21,420 ‫from an American edge location using CloudFront, 36 00:01:21,420 --> 00:01:22,410 ‫and CloudFront will be able 37 00:01:22,410 --> 00:01:24,750 ‫to fetch the content from Australia. 38 00:01:24,750 --> 00:01:26,370 ‫Now, if another user in the US 39 00:01:26,370 --> 00:01:28,260 ‫will be requesting the same content, 40 00:01:28,260 --> 00:01:30,300 ‫then it will be served directly from the edge 41 00:01:30,300 --> 00:01:31,440 ‫and it will not go all the way 42 00:01:31,440 --> 00:01:33,300 ‫to Australia to serve that content. 43 00:01:33,300 --> 00:01:35,250 ‫Same if a user is in China, 44 00:01:35,250 --> 00:01:38,160 ‫then it will be talking to a Chinese point of presence 45 00:01:38,160 --> 00:01:40,680 ‫and then redirected to the S3 bucket, 46 00:01:40,680 --> 00:01:43,620 ‫and then the content will be cached at the edge. 47 00:01:43,620 --> 00:01:45,840 ‫CloudFront has several type of origins. 48 00:01:45,840 --> 00:01:47,580 ‫For example, you have S3 bucket, 49 00:01:47,580 --> 00:01:49,200 ‫which is used to distribute files 50 00:01:49,200 --> 00:01:52,680 ‫and cache them at the edge using CloudFront. 51 00:01:52,680 --> 00:01:54,540 ‫And to guarantee that only CloudFront 52 00:01:54,540 --> 00:01:56,070 ‫can access your S3 bucket, 53 00:01:56,070 --> 00:01:59,400 ‫you can use something called the Origin Access Control, OAC, 54 00:01:59,400 --> 00:02:03,540 ‫which is replacing the older Origin Access identity, OAI. 55 00:02:03,540 --> 00:02:05,430 ‫CloudFront can also be used as a way 56 00:02:05,430 --> 00:02:07,230 ‫to send data into an S3 bucket. 57 00:02:07,230 --> 00:02:09,090 ‫So to upload data to file to S3, 58 00:02:09,090 --> 00:02:11,100 ‫which is called an ingress. 59 00:02:11,100 --> 00:02:13,200 ‫You can have CloudFront as well instead 60 00:02:13,200 --> 00:02:17,280 ‫in front of any custom origin HTTP backend. 61 00:02:17,280 --> 00:02:19,320 ‫So that could be an Application Load Balancer, 62 00:02:19,320 --> 00:02:21,090 ‫that could be an EC2 instance, 63 00:02:21,090 --> 00:02:22,170 ‫and the S3 website, 64 00:02:22,170 --> 00:02:26,280 ‫but first you must enable the bucket as a static S3 website, 65 00:02:26,280 --> 00:02:29,790 ‫or really any HTTP backend you want. 66 00:02:29,790 --> 00:02:31,860 ‫So at a high level, how does CloudFront work? 67 00:02:31,860 --> 00:02:34,980 ‫We have the edge location all around the world, okay? 68 00:02:34,980 --> 00:02:37,230 ‫And then it will be connecting to your origin. 69 00:02:37,230 --> 00:02:41,010 ‫So would it be an S3 bucket or an HTTP server? 70 00:02:41,010 --> 00:02:42,630 ‫And when the client connects 71 00:02:42,630 --> 00:02:46,260 ‫and does an HTTP request into your edge location, 72 00:02:46,260 --> 00:02:48,600 ‫then the edge location will see 73 00:02:48,600 --> 00:02:51,000 ‫if it has it in the cache. 74 00:02:51,000 --> 00:02:52,650 ‫If it doesn't have it in the cache, 75 00:02:52,650 --> 00:02:56,520 ‫then it will go to the origin to get the request results. 76 00:02:56,520 --> 00:02:58,320 ‫And then once you retrieve the results, 77 00:02:58,320 --> 00:03:00,420 ‫it will be caching it into a local cache 78 00:03:00,420 --> 00:03:03,000 ‫so that if another client requests the same content 79 00:03:03,000 --> 00:03:04,620 ‫from the same edge location, 80 00:03:04,620 --> 00:03:05,880 ‫then the edge location does not 81 00:03:05,880 --> 00:03:08,280 ‫need to go to the origin. 82 00:03:08,280 --> 00:03:10,350 ‫So if we have S3 as an origin, 83 00:03:10,350 --> 00:03:11,640 ‫then if we look at the cloud, 84 00:03:11,640 --> 00:03:14,280 ‫your S3 bucket is your origin in some region, 85 00:03:14,280 --> 00:03:16,110 ‫and then you have edge locations all around the world, 86 00:03:16,110 --> 00:03:18,480 ‫for example, at Los Angeles. 87 00:03:18,480 --> 00:03:21,630 ‫And your users accessing the edge location in Los Angeles 88 00:03:21,630 --> 00:03:24,120 ‫will get their content directly served 89 00:03:24,120 --> 00:03:25,410 ‫through the edge location, 90 00:03:25,410 --> 00:03:26,640 ‫but first the edge location 91 00:03:26,640 --> 00:03:29,130 ‫will get it from the origin S3 bucket 92 00:03:29,130 --> 00:03:31,020 ‫through the private network. 93 00:03:31,020 --> 00:03:32,760 ‫And the S3 bucket will be secured 94 00:03:32,760 --> 00:03:34,680 ‫using an Origin Access Control 95 00:03:34,680 --> 00:03:38,610 ‫and by modifying the S3 bucket policy on the S3 bucket. 96 00:03:38,610 --> 00:03:41,070 ‫So this is the same when we have a user 97 00:03:41,070 --> 00:03:43,230 ‫in Sao Paulo, for example, in Brazil. 98 00:03:43,230 --> 00:03:45,930 ‫Again, this will be another edge location 99 00:03:45,930 --> 00:03:48,630 ‫which will be serving users close to Brazil, 100 00:03:48,630 --> 00:03:50,610 ‫and then it will be a private connection 101 00:03:50,610 --> 00:03:52,170 ‫between your edge location 102 00:03:52,170 --> 00:03:54,540 ‫and your S3 bucket, and so on. 103 00:03:54,540 --> 00:03:56,820 ‫So using CloudFront and the edge locations, 104 00:03:56,820 --> 00:04:00,390 ‫we can see that the content of our S3 bucket in one region 105 00:04:00,390 --> 00:04:02,880 ‫can be distributed all around the world 106 00:04:02,880 --> 00:04:06,090 ‫through the edge locations or points of presence. 107 00:04:06,090 --> 00:04:07,320 ‫So one question that's common 108 00:04:07,320 --> 00:04:09,330 ‫is what is the difference between CloudFront 109 00:04:09,330 --> 00:04:11,580 ‫and something like S3 Replication? 110 00:04:11,580 --> 00:04:12,810 ‫Well, if you have CloudFront, 111 00:04:12,810 --> 00:04:14,580 ‫you're using the Global Edge network, 112 00:04:14,580 --> 00:04:17,760 ‫so this is about 216 points of presence, 113 00:04:17,760 --> 00:04:19,545 ‫and the files are going to be cached 114 00:04:19,545 --> 00:04:22,440 ‫in each edge location, maybe for a day. 115 00:04:22,440 --> 00:04:24,690 ‫So this is amazing if you have static content 116 00:04:24,690 --> 00:04:26,850 ‫that must be able to be available 117 00:04:26,850 --> 00:04:28,890 ‫everywhere around the world. 118 00:04:28,890 --> 00:04:31,110 ‫S3 Cross-Region Replication is different, 119 00:04:31,110 --> 00:04:32,730 ‫it must be set up for each region 120 00:04:32,730 --> 00:04:34,050 ‫you want replication to happen, 121 00:04:34,050 --> 00:04:36,390 ‫so this is not for every region in the world. 122 00:04:36,390 --> 00:04:38,850 ‫And then files are going to be updated in near real-time, 123 00:04:38,850 --> 00:04:40,590 ‫so there's no caching that happens. 124 00:04:40,590 --> 00:04:42,270 ‫And it is only for read only, 125 00:04:42,270 --> 00:04:44,790 ‫and so this is great if you have dynamic content 126 00:04:44,790 --> 00:04:46,020 ‫that needs to change all the time 127 00:04:46,020 --> 00:04:49,260 ‫and be available at low-latency in a few regions. 128 00:04:49,260 --> 00:04:50,940 ‫So they serve very different purposes, 129 00:04:50,940 --> 00:04:53,130 ‫CloudFront is a CDN, 130 00:04:53,130 --> 00:04:55,830 ‫which is to cache content all around the world, 131 00:04:55,830 --> 00:04:57,900 ‫whereas S3 Cross-Region Replication 132 00:04:57,900 --> 00:05:01,530 ‫is to really replicate an entire bucket into another region. 133 00:05:01,530 --> 00:05:03,080 ‫So hopefully that makes sense about CloudFront. 134 00:05:03,080 --> 00:05:04,830 ‫In the next lecture, we'll have a play 135 00:05:04,830 --> 00:05:07,200 ‫and see how we can set up a CloudFront distribution 136 00:05:07,200 --> 00:05:09,090 ‫on the cloud for an S3 bucket. 137 00:05:09,090 --> 00:05:10,990 ‫So I will see you in the next lecture.