A Content Delivery Network (CDN) is a network of servers around the world that cache your static assets, reducing the load on your primary web servers. AWS's CloudFront CDN is easy to use, quick to set up, and inexpensive.
What is CloudFront?
There are two main uses for a CDN. Typically, they are used to host large static content that would be impractical to host on a traditional web server: things like large videos, images, or other large static media. CloudFront uses S3 for this; you can put all your images and videos in an S3 bucket and configure CloudFront to serve content from that bucket.
Since CDNs cache content around the world, they are also used as another cache layer for your entire website. Many pages do not need to be served directly from your web server. Especially for WordPress sites, where server-side processing takes place for every request, this can put a lot of strain on your servers. Instead, CloudFront sits in front of them and does most of the heavy lifting.
CloudFront is not that expensive. You simply pay based on data transferred (like most AWS services) and the number of HTTP requests served. Prices for data transfers vary by region, but are $0.020 per GB for the US and the EU. Request prices are $0.01 per 10,000 HTTPS requests. This is comparable to competitors such as Fastly.
Request a certificate from ACM
If you plan to use your own URL (instead of *.cloudfront.net), you must request a new SSL/TLS certificate from AWS's Certificate Manager (ACM). For some reason, there is no way to refresh the drop-down list for choosing a certificate when setting up a CloudFront distribution, so you need to request this certificate in advance.
It's worth noting that this is actually completely free SSL, a service many companies charge hundreds of dollars for. While Let's Encrypt offers free SSL, it needs to be refreshed every few months with a cron task (granted, it is automatically configured, so it's not a huge hassle). Certificates issued by ACM, however, renew automatically and never expire as long as they are in use.
Go to the ACM Management Console and request a new public certificate. Enter the domain names you will be using (e.g. *.yourdomain.com).
For each domain you need to verify that you own it by creating a new CNAME record in your DNS. If you are using AWS's own Route 53 DNS, you can click the button to create these records automatically.
This may take a few minutes to process. Once validated, you will see the orange "Pending Validation" change to a green "Issued" and you can proceed to set up CloudFront.
Getting Started with CloudFront
Go to the CloudFront Management Console, and create a new web distribution. The other option is RTMP, used only for live video streaming. In most cases, web is probably what you are looking for.
First you need to configure your origin. If you are using an S3 bucket, you can select the bucket from this drop-down list. If you are using a Load Balancer for your EC2 instances, select that instead. Otherwise, enter the URL of your site.
Enter your site name for the Origin ID, which is only used to identify the origin to CloudFront. If you want, you can also set custom headers that CloudFront will send to your site when it pulls content from the origin.
The default is to allow both HTTP and HTTPS. You will probably want to redirect all traffic to HTTPS. Make sure you do not choose 'HTTPS Only', because that causes all HTTP traffic to get an error instead of being redirected.
Next, you need to determine how you want to handle caching. If you leave the default setting "Use Origin Cache Headers", CloudFront will use your web server's Cache-Control headers.
You can also choose to use CloudFront's custom behavior system. Regardless, you have to manually exclude the routes you don't want cached: things like authenticated user pages should never be cached.
Under SSL certificate, choose a custom SSL certificate from ACM. Select the certificate you created earlier.
That should be all the configuration you need. Click 'Create Distribution'. It takes about twenty minutes for CloudFront to have everything ready (there are many edge locations to configure). When it's done, you should see that your distribution is 'Enabled'.
However, you cannot access it yet through your custom URL. Under 'Domain Name', copy the domain name of your distribution, which should look something like this:
Add this as a CNAME record in your DNS. This requires two DNS lookups, so if you're looking for performance, you'll want to switch to AWS's own Route 53 DNS service, which offers the ability to create "A Alias" records that resolve dynamically to a specific AWS resource.
Once your DNS is updated, your distribution should be available from your own domain name.
Configure Custom Caching
If you choose to use CloudFront's custom cache settings, you will need to add more rules for specific routes, under the "Behavior" tab.
To prevent a path from being cached, enter zero for the maximum and default TTL. You can also choose to use the origin's Cache-Control headers for certain paths, even if you have set a default, site-wide TTL.
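The two settings described above (redirecting HTTP to HTTPS, and zero TTLs on paths that must never be cached) can be checked against an exported distribution config. This is an added example, not part of the original article: the sample config is constructed in the shape of `aws cloudfront get-distribution-config` output, and the WordPress paths and function names are assumptions.

```python
from fnmatch import fnmatchcase

# Constructed sample, trimmed to the DistributionConfig fields checked here.
SAMPLE_CONFIG = {
    "DefaultCacheBehavior": {
        "ViewerProtocolPolicy": "allow-all",
        "DefaultTTL": 86400, "MaxTTL": 31536000,
    },
    "CacheBehaviors": {"Quantity": 2, "Items": [
        {"PathPattern": "/wp-admin/*", "ViewerProtocolPolicy": "redirect-to-https",
         "DefaultTTL": 0, "MaxTTL": 0},
        {"PathPattern": "/images/*", "ViewerProtocolPolicy": "redirect-to-https",
         "DefaultTTL": 86400, "MaxTTL": 31536000},
    ]},
}

# Assumed examples of WordPress paths that must never be served from cache.
NO_CACHE_PATHS = ["/wp-admin/index.php", "/wp-login.php"]


def behaviors(config):
    """Yield (pattern, behavior) in evaluation order; the default applies last."""
    for item in config.get("CacheBehaviors", {}).get("Items", []):
        yield "/" + item["PathPattern"].lstrip("/"), item
    yield "*", config["DefaultCacheBehavior"]


def behavior_for(config, path):
    """First matching behavior; fnmatch approximates CloudFront's * and ? wildcards."""
    return next((p, b) for p, b in behaviors(config) if fnmatchcase(path, p))


def audit(config, no_cache_paths):
    findings = []
    for pattern, b in behaviors(config):
        if b["ViewerProtocolPolicy"] == "allow-all":
            findings.append(f"{pattern}: plain HTTP is served, not redirected")
    for path in no_cache_paths:
        pattern, b = behavior_for(config, path)
        # Missing TTLs (e.g. when a cache policy is attached) are flagged for review.
        if b.get("DefaultTTL") != 0 or b.get("MaxTTL") != 0:
            findings.append(f"{path}: cached via {pattern} (TTL not confirmed zero)")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG, NO_CACHE_PATHS):
        print(finding)
```

On the sample, the login page falls through to the default behavior and is reported as cacheable, which is the kind of gap a per-path rule is meant to close.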