
AWS Webcast - Best Practices for Content Delivery using Amazon CloudFront

Amazon CloudFront offers a simple, cost-effective way to improve the performance, reliability and global reach of your entire website for both static content and the dynamic portions of your site that change for each end user. In this webinar, you will learn some best practices for using Amazon CloudFront to architect a highly reliable and high-performing website. You will also learn how you can use Amazon CloudFront to deliver content securely, how you can customize content based on device or geo, and how you can use CloudFront tools such as our reports and analytics to help you continuously optimize your content. If you are an AWS customer, you will also learn some best practices on how you can use Amazon CloudFront to improve delivery of static or dynamic content originating from AWS services such as Amazon S3, Elastic Load Balancing (ELB), or Amazon EC2.

Learning Objectives:
• Best practices for delivering your whole website on Amazon CloudFront
• Best practices to deliver content securely via Amazon CloudFront
• Best practices to deliver content from AWS services such as Amazon S3, Amazon EC2 and Elastic Load Balancing using Amazon CloudFront

Who Should Attend:
• All AWS (S3, EC2, or ELB) customers who have some data transfer to the internet
• All Amazon CloudFront customers


  1. Best Practices for Content Delivery using Amazon CloudFront. Nihar Bihani, Principal Product Manager, Amazon Web Services. March 17, 2015
  2. Agenda: Amazon CloudFront: Quick Overview; Best Practices for Whole Website Delivery; Q&A. @cloudfront
  3. Our growing global footprint… [map: North America, South America, EMEA, APAC; counters: POPs, Cities, Countries, Continents; legend: AWS Region, CloudFront Edge Location]
  4. We have been busy building features… • Second Edge Location in Seoul, Korea • Smooth Streaming Support • SSL SNI Support • HTTP to HTTPS Redirect • CloudFront Usage Charts • EDNS-Client-Subnet Support • Free Tier • AWS CloudTrail Support • Device Detection, Geo Targeting, Host Header Forwarding, and CORS Support • Edge Location in Melbourne • Advanced SSL features: Session Tickets, OCSP Stapling and Perfect Forward Secrecy • Support for Wildcard cookies • OPTIONS caching • 5 Cache Stat Reports • Popular Objects Report • More Timely CloudFront Access Logs • Price Drop • Directory path as Origin Name • Locations, Browsers, OS and Top Referrers • Signed Cookies • Smart TV Detection [timeline labels: Dec 13, Feb 14, Mar 14, Apr 14, May 14, Jun 14, Jul 14, Aug 14, Sep 14, Oct 14, Nov 14, Dec 14, Jan 15, Feb 15, Mar 15]
  5. Amazon CloudFront: What’s New? m/cloudfront/whats-new/
  6. Amazon CloudFront: Whole Site Delivery [diagram labels: Dynamic, Static, Video, User Input, SSL]
  7. A typical web application has… Static Assets, Dynamic Content, Streaming Media
  8. Static Assets
  9. What are Static Assets? Content is static: Images, JS, CSS, Fonts, Software. It can be distributed to more than one user. State of the object doesn't change for: sec, min, hours,.. Caching is a way to serve static content to more than one user.
  10. #1. Use Amazon S3 for Static Assets: Free data transfer from Amazon S3 to CloudFront. Decrease load on web server. Highly available & scalable.
  11. #2. Control Access to Content on Amazon S3: Origin Access Identity (OAI). Content can be accessed ONLY via CloudFront. Why use OAI? • Ensures content is not leaking • S3 URLs not being used anywhere
  12. #3. Control Access to Content on CloudFront: Amazon CloudFront Private Content (Paid subscribers, premium customers etc.). Signed URLs or Signed Cookies. When to use? • Signed URLs: Marketing email • Signed Cookies: Streaming, whole site authentication [diagram labels: Region, Access Denied]
  13. #4. Cache at Every Layer: Browser Caching. Set max-age or expiry date in your headers (e.g. Cache-Control: max-age=3600). HTML5 application cache. Helps eliminate network latency. But… browser cache size is limited (e.g. IE is 8-50M, Chrome is < 80M, Firefox is 50MB, etc.)
  14. #5. Cache at Every Layer: Edge Caching. Set High TTLs for intermediary caches (e.g. Cache-Control: max-age=3600, s-maxage=86400). Don’t forward Headers, Query Strings or Cookies. Note: You do need to forward the relevant headers if you’re doing CORS. In other words, use CloudFront defaults.
  15. #6. Version Your Objects: Versioning allows for easy updates and roll backs. Use file name or query string to version; no additional API calls are needed. Set High TTLs on objects that change infrequently. Each version is treated as a unique object in the browser cache.
  16. Dynamic Content
  17. What is Dynamic Content? Content unique to every request (Example: /index.php). Content changes frequently (seconds, minutes), but NOT unique for every request (Example: weather updates, API, etc.). Content changes based on end user request (query string, cookies, headers) (Example: mobile vs. desktop users, search keywords in query string, etc.)
  18. #7. Cache Everything Possible: CloudFront supports TTLs as low as 0 seconds, no-cache, no-store, etc. Most content can be cached, even if it is for a few seconds. Benefits of setting a low TTL: • CloudFront supports “If-Modified-Since” and “If-None-Match” when object in the cache has expired • CloudFront will serve stale content if origin is unavailable and object is in cache • Helps you offload your origin load
  19. Cache Everything Possible.. Cont'd: Top 50 objects: CloudFront Popular Objects Report. Find content that can be cached for any period of time: hours, minutes or seconds.
  20. #8. Use Multiple Cache Behaviors: ONLY forward required headers • Example: don’t forward cookies for /images. Avoid forwarding the User-Agent header • Instead use the Is-Mobile-Viewer, Is-Tablet-Viewer, Is-Desktop-Viewer, or Is-SmartTV-Viewer header values. Avoid forwarding ALL cookies • Instead, forward only the select cookies that you use to vary your content
  21. Streaming Media
  22. What is Streaming Media? Live Streaming (e.g. a concert). On Demand Streaming (e.g. a recent movie). Audio Streaming (e.g. podcasts or music). Typically involves delivering the manifest file, media files, and player.
  23. #9. Set The Right TTLs: Manifest File • Set Low TTL (e.g. 2 seconds). Media Files • High TTLs (e.g. 60 seconds). Media Player • Static: Store in Amazon S3 and distribute via CloudFront • Set High TTL (e.g. 24 hours)
  24. #10. Use HTTP Based Streaming Protocols: Use CloudFront Web distributions to deliver multi-bitrate streaming. Use CloudFront with media servers running on Amazon EC2 for live streaming (for high-availability and flexibility). Use Fragmented streaming formats such as Smooth Streaming (native support in CloudFront), HLS, etc. Don’t forward any headers, cookies, query strings. Use Signed Cookies instead of Signed URLs.
  25. Availability Best Practices
  26. #11. Use Monitoring, Alarming & Notifications: Near Real-Time Monitoring & Alarming via CloudWatch. Six Metrics Available • Requests, Bytes Downloaded, Bytes Uploaded, 4xx Error Rate, 5xx Error Rate, Total Error Rate • No additional cost for Monitoring • Set Alarms and Notifications
  27. #12. Always Configure Custom Error Pages: Custom error pages help improve customer experience. Deliver error pages from Amazon S3. Set low error caching minimum TTL (e.g. 15 seconds).
  28. #13. Design for Failure: What happens if the origin fails to respond to CloudFront? [diagram labels: Region, CloudFront]
  29. Design for Failure …Cont’d: With Amazon Route 53 you can health check your origin. [diagram labels: Region, Route53, Health Check]
  30. Design for Failure …Cont’d: Failures can be detected by Route 53 health checks. [diagram labels: Region, Route53, Health Check, CloudFront]
  31. Design for Failure …Cont’d: The traffic shifts to the healthy instances or load-balancers instead. [diagram labels: Region, Route53, Health Check, CloudFront]
  32. #14. More Caching = Higher Availability: Cache everything possible! If your origin server is unavailable and you don’t have a backup origin server, or you don’t configure custom error pages… CloudFront will automatically serve the stale object (if object is in cache), for the duration of error caching minimum TTL.
  33. Security Best Practices
  34. #15. Use End-to-End HTTPS: CloudFront supports HTTPS between browser and edge, as well as between edge and origin. Set match-viewer for your Origin protocol policy. Configure HTTP to HTTPS redirect for each cache behavior. [diagram labels: BROWSER, EDGE, ORIGIN; Full-Bridge]
  35. #16. Use AWS IAM and AWS CloudTrail: Create IAM users to regulate access to the Amazon CloudFront APIs (or console). Use AWS CloudTrail to record CloudFront API calls history for security analysis, resource change tracking, and compliance auditing. No additional CloudFront cost for using these services.
  36. Performance & Cost Best Practices
  37. #17. Multiple Options to Optimize SSL Costs: Use the * SSL certificate. Two options for Custom SSL: SNI vs. Dedicated IP. Use CloudFront Reports to identify Browser/OS Version. Seamlessly switch between SSL Options.
  38. Optimizing SSL Costs …Cont’d: SSL certificate pricing is per IAM certificate ID. You may associate a single SSL certificate with multiple distributions under the same AWS account. If you have multiple second level domains that you serve over SSL, use a single UCC certificate with all domains listed. For multiple third level domains served over SSL, use a wildcard certificate.
  39. #18. Use Price Classes to Optimize Delivery Costs: Price Class • Price Class All – Use All Edge Locations • Price Class 200 – Use Edge Locations in US, EU, Asia & Japan • Price Class 100 – Use Edge Locations in US and EU ONLY. Use the more appropriate Price Class where applicable • If your end users are primarily in the US & EU • Use the viewer location report to determine viewer geo distribution • Switching between Price Classes is seamless
  40. #19. Domain Sharding: Most browsers open a limited number of parallel connections to the same domain. Shard assets over multiple domains; however it’s a balancing act. Use multiple CNAME aliases to serve content from a CloudFront distribution. Use CloudFront Wildcard CNAMEs & Use Wildcard SSL Certificate.
  41. #20. Use Route 53 ALIAS Records: Use Amazon Route 53 to route queries to your CloudFront distribution. Why use Route 53 ALIAS records? • DNS queries to ALIAS records are free of charge • Unlike CNAMEs, you can create an ALIAS record for your zone apex • Using an ALIAS record results in fewer DNS lookups when resolving your CNAME to your CloudFront distribution
  42. Analytics Best Practices
  43. #21. Use Reports to Personalize Your Content: Geo-targeting to personalize content for your end users. How can you do that? • Viewer reports show top countries • Use CloudFront to detect & forward end users’ country code
  44. #22. Turn-On Amazon CloudFront Access Logs: No additional cost for Amazon CloudFront’s logging functionality. Run additional analytics for deep dive into your usage. Request IDs included in the logs can help when working with AWS to debug an issue. Cookies & query strings may be logged even if you choose not to forward these to the origin.
  45. Join our Monthly Office Hour series. Register Here: • March CloudFront Office Hours (Streaming): 3/26/2015 10AM PT • April CloudFront Office Hours (Topic TBD): 4/15/2015 10AM PT • May CloudFront Office Hours (Topic TBD): 5/20/2015 10AM PT • June CloudFront Office Hours (Topic TBD): 6/17/2015 10AM PT. Q & A
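
The security-relevant settings from practices #2, #8, #15 and #22 can be checked mechanically. The Python audit below is an added example, not part of the original deck or AWS code; it assumes a DistributionConfig dictionary in the shape the CloudFront GetDistributionConfig API returns (with the ForwardedValues fields), and the sample configuration, origin names and domains are constructed.

```python
def audit_distribution(cfg):
    """Return sorted (location, finding) tuples for one DistributionConfig dict."""
    findings = []
    for origin in cfg.get("Origins", {}).get("Items", []):
        oid = origin.get("Id", "?")
        s3 = origin.get("S3OriginConfig")
        # Practice #2: an S3 origin without an OAI is not restricted to CloudFront.
        if s3 is not None and not s3.get("OriginAccessIdentity"):
            findings.append((f"origin:{oid}", "S3 origin has no Origin Access Identity"))
        custom = origin.get("CustomOriginConfig") or {}
        # Practice #15: edge-to-origin traffic should not be pinned to HTTP.
        if custom.get("OriginProtocolPolicy") == "http-only":
            findings.append((f"origin:{oid}", "origin is fetched over HTTP only"))
    behaviors = [("default", cfg.get("DefaultCacheBehavior", {}))]
    for b in cfg.get("CacheBehaviors", {}).get("Items", []):
        behaviors.append((b.get("PathPattern", "?"), b))
    for name, b in behaviors:
        where = f"behavior:{name}"
        # Practice #15: each behavior needs redirect-to-https or https-only.
        if b.get("ViewerProtocolPolicy") == "allow-all":
            findings.append((where, "viewers may use plain HTTP"))
        fwd = b.get("ForwardedValues", {})
        # Practice #8: forward only the cookies and headers the origin varies on.
        if fwd.get("Cookies", {}).get("Forward") == "all":
            findings.append((where, "forwards all cookies to the origin"))
        if "User-Agent" in fwd.get("Headers", {}).get("Items", []):
            findings.append((where, "forwards the User-Agent header"))
    # Practice #22: access logs are the record used for later analysis.
    if not cfg.get("Logging", {}).get("Enabled", False):
        findings.append(("distribution", "access logging is disabled"))
    return sorted(findings)

# Constructed sample configuration (hypothetical origin names and domains).
SAMPLE = {
    "Origins": {"Items": [
        {"Id": "assets", "DomainName": "example-bucket.s3.amazonaws.com",
         "S3OriginConfig": {"OriginAccessIdentity": ""}},
        {"Id": "app", "DomainName": "origin.example.com",
         "CustomOriginConfig": {"OriginProtocolPolicy": "match-viewer"}}]},
    "DefaultCacheBehavior": {
        "TargetOriginId": "app", "ViewerProtocolPolicy": "allow-all",
        "ForwardedValues": {"Cookies": {"Forward": "all"},
                            "Headers": {"Items": ["User-Agent"]}}},
    "CacheBehaviors": {"Items": [
        {"PathPattern": "/images/*", "TargetOriginId": "assets",
         "ViewerProtocolPolicy": "redirect-to-https",
         "ForwardedValues": {"Cookies": {"Forward": "none"}, "Headers": {}}}]},
    "Logging": {"Enabled": False},
}

if __name__ == "__main__":
    for location, finding in audit_distribution(SAMPLE):
        print(f"{location}: {finding}")
```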