• When content is cached, it is done for a certain time limit called the Time To Live, or TTL, which is always in seconds
    • If needed, CloudFront can serve up entire websites including dynamic, static, streaming and interactive content.
    • Requests are always routed and cached in the nearest edge location for the user, thus propagating the CDN nodes and guaranteeing best performance for future requests.
    • There are two different types of distributions:
      • Web Distribution: web sites, normal cached items, etc
    • Edge locations are not just read only. They can be written to which will then return the write value back to the origin.
    • Cached content can be manually invalidated or cleared beyond the TTL, but this does incur a cost.
    • You can invalidate the distribution of certain objects or entire directories so that content is loaded directly from the origin every time. Invalidating content is also helpful when debugging if content pulled from the origin seems correct, but pulling that same content from an edge location seems incorrect.
    • You can set up a failover for the origin by creating an origin group with two origins inside. One origin will act as the primary and the other as the secondary. CloudFront will automatically switch between the two when the primary origin fails.
    • Amazon CloudFront delivers your content from each edge location and offers a Dedicated IP Custom SSL feature. SNI Custom SSL works with most modern browsers.
    • If you run PCI or HIPAA-compliant workloads and need to log usage data, you can do the following:
      • Enable CloudFront access logs.
      • Capture requests that are sent to the CloudFront API.
    • CloudFront signed URLs and signed cookies provide the same basic functionality: they allow you to control who can access your content. These features exist because many companies that distribute content via the internet want to restrict access to documents, business data, media streams, or content that is intended for selected users. As an example, users who have paid a fee should be able to access private content that users on the free tier shouldn’t.
    • If you want to serve private content through CloudFront and you’re trying to decide whether to use signed URLs or signed cookies, consider the following:
      • Use signed URLs for the following cases:
        • You want to use an RTMP distribution. Signed cookies aren’t supported for RTMP distributions.
        • You want to restrict access to individual files, for example, an installation download for your application.
        • Your users are using a client (for example, a custom HTTP client) that doesn’t support cookies.
      • Use signed cookies for the following cases:
        • You want to provide access to multiple restricted files. For example, all of the files for a video in HLS format or all of the files in the paid users’ area of a website.