Scope#
Global scope
Supports multiple regions - multiple origins
Health check for origin failovers - can be useful in disaster recovery
Supports active/active and active/standby architectures
Questions#
How is CloudFront different from Global Accelerator?#
https://docs.aws.amazon.com/global-accelerator/latest/dg/about-accelerators.html
What is Origin Group?#
Origin Group - configure 2 origins, mark one as primary and the other as secondary, and configure the status codes that trigger failover. If the primary origin returns one of these configured status codes, CloudFront sends the request to the secondary origin.
CloudFront is sort of stateless in this failover mode: it sends every request to the primary origin first, irrespective of what happened with the previous request.
Lambda@Edge can be executed twice during a failover, once for each origin CloudFront sends the request to.
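A constructed Python model of the failover behaviour described above, added here as an example (it is not AWS or CloudFront code); the `OriginGroup`, `fetch_with_failover` names and the origin names are assumptions made for the illustration.

```python
from dataclasses import dataclass, field

# Model of CloudFront origin-group failover (constructed, not AWS code):
# every request starts at the primary origin, fails over to the secondary
# only on a configured status code, and an origin-request hook (standing in
# for Lambda@Edge) runs once per origin the request is sent to.

@dataclass
class OriginGroup:
    primary: str
    secondary: str
    failover_status_codes: frozenset = frozenset({500, 502, 503, 504})

@dataclass
class Trace:
    served_by: str                                   # origin whose response went to the viewer
    status: int
    attempts: list = field(default_factory=list)     # origins tried, in order
    hook_calls: list = field(default_factory=list)   # origins the hook ran for

def fetch_with_failover(group, send, origin_request_hook=None):
    """send(origin) -> HTTP status from that origin; the hook runs before each send."""
    trace = Trace(served_by=group.primary, status=0)
    for origin in (group.primary, group.secondary):
        if origin_request_hook is not None:
            origin_request_hook(origin)
            trace.hook_calls.append(origin)
        status = send(origin)
        trace.attempts.append(origin)
        trace.served_by, trace.status = origin, status
        # A status outside the configured set is returned as-is, even if it is
        # an error; if the secondary also fails, its status is what the viewer gets.
        if status not in group.failover_status_codes:
            break
    return trace

def demo():
    """Two back-to-back requests against a primary that keeps returning 503."""
    group = OriginGroup("api-east", "api-west", frozenset({503}))
    health = {"api-east": 503, "api-west": 200}   # constructed origin responses
    hook_log = []
    results = [fetch_with_failover(group, health.__getitem__, hook_log.append)
               for _ in range(2)]
    return results, hook_log
```

The second request in `demo` still goes to the failing primary first, and the hook log shows two invocations per failed-over request.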
How to distribute a new file? Invalidate the cache or deploy the file with a versioned name.#
Versioning is better than invalidation
- Versioning can bypass local caches such as browser caches
- No cost implications, whereas invalidation costs money
- Invalidation is chargeable beyond a certain number of paths
- Helpful while debugging, since the file names are different
- Easier to move forward or roll back between different versions
- Versioning can allow A/B testing - serving different versions for different requests
Origin Access Identity to access an S3 bucket without enabling website hosting on it?#
What is field-level encryption?#
Secures sensitive data between CloudFront and your origin.
Used to encrypt sensitive fields like credit card numbers so that only the origin is able to decrypt them. Provide a public key and the fields (up to 10) to be encrypted in a POST request. The origin keeps the private key, which it uses to decrypt the fields later. Link this config to a cache behaviour to tell CloudFront when to encrypt these fields.
Prevents the data from being leaked unintentionally by one of the microservices that had access to the field but didn't really need it.
What is the savings bundle?#
Commit to a monthly CloudFront usage for 1 year and receive a 30% discount on CloudFront, plus free AWS WAF usage up to 10% of the committed use.
What is price class 100?#
Use a price class to serve from only certain CloudFront locations and lower your bill. Useful if your target customers are restricted to a particular geography or two.
100 - US, Mexico, Canada, EU and Israel
200 - 100 + Africa, Asia
All - 200 + South America, AU, NZ
Caveats#
No charge for data transfer to CloudFront.
CloudFront supports HTTP or [[Web socket]] protocols.
Use an Alias record in Route 53 to map an apex domain to CloudFront.
Route 53 doesn't charge for alias record queries to CloudFront.
Invalidate a maximum of 3000 objects when listing paths individually, or 15 paths when using wildcards.
POST, PUT, DELETE and PATCH requests are not cached; OPTIONS requests may be cached depending on the config.
Lambda@Edge#
Backed by Lambda
https://aws.amazon.com/blogs/networking-and-content-delivery/leveraging-external-data-in-lambdaedge/
Lambda@Edge v/s CloudFront functions#
CFF are 1/6th the cost and execute in milliseconds; useful for things like normalizing requests for cache keys, changing headers, redirects, etc.
LAE is a more heavyweight option that runs at the regional edge location. Supports network connections. Useful for heavier workloads - streaming media?
Can you create a non-HTTPS API with API Gateway?#
NO, API Gateway ONLY supports HTTPS APIs. So use a CloudFront distribution to set up an HTTP --> HTTPS redirect.