Amazon Edge Services

Wesley Wilk

Solutions Architect

Agenda

AWS WAF

CloudFront

Route 53

CloudFront

Content Distribution Network

Cost Optimization

Performance

Security

Automatic Scalability

CloudFront scales with

demand while reducing

load on your origin

User A

User B

User C

Request A

OriginCloudFront

9 Regions 46 Edge Locations

CloudFront’s Global Customer Reach

http://aws.amazon.com/about-aws/globalinfrastructure/

Edge Location

AWS Region

Europe

Amsterdam (2)

Dublin

Frankfurt (3)

London (3)

Madrid

Marseille

Milan

Paris (2)

Stockholm

Warsaw

South America

Rio de Janeiro

Sao Paulo

North America

Ashburn, VA (3)

Atlanta, GA

Dallas, TX (2)

Hayward, CA

Jacksonville, FL

Los Angeles, CA (2)

Miami, FL

Newark, NJ

New York, NY (3)

Palo Alto, CA

Seattle, WA

San Jose, CA

South Bend, IN

St. Louis, MO

Asia

Chennai

Hong Kong (2)

Manila,

Melbourne

Mumbai

Osaka

Singapore (2)

Seoul

Sydney

Taipei

Tokyo (2)

An extensive global network

Locations highlighted in red indicate new in last 12 months

Elastic Load

Balancing

Dynamic Content

Amazon EC2

Static Content

Amazon S3 Custom Origin

OR

OR

Custom OriginAmazon CloudFront

example.com

*.jpg

*.php

Delivering Customer Experience

NASA/JPL

10

Amazon CloudFront - Broad Range of Use Cases

News, Weather, Sports, & Social

Media

Large File

Downloads

E-commerce

Media Gaming

Popular CloudFront Features

Video Streaming

• Adaptive Bitrate Live & VOD Streaming (HLS, HDS, Smooth. MPEG-DASH)

• RTMP (Flash) and HTTP(S) delivery

Security

• Private Content

• Custom SSL Support

• Geo Restriction

Content Management

• AWS Management Console

• Full control via APIs

• Programmatic Invalidation

• Access Logs

• Usage Charts

Dynamic Content Acceleration

• Low Content Expiration Periods (TTL=0)

• Device Detection

• CORS Support

• Geo Targeting

• Multiple Cache Behaviors

• Multiple Origin Servers

• Zone Apex Support

• Query String & Cookie Support

• Put/Post HTTP Verb Support

Price Flexibility

• Pay for Use

• Price Classes

• Reserved Capacity Private Pricing

11

POST /2012-07-01/distribution HTTP/1.1

Host: cloudfront.amazonaws.com

Authorization: AWS authentication string

Date: time stamp

Other required headers

<?xml version="1.0" encoding="UTF-8"?>

<DistributionConfig

xmlns="http://cloudfront.amazonaws.com/doc/2012-07-01/">

Manage Your Content Your Way

API Console

US East

54.172.163.146East-1681410680

CloudFront

Image Bucket

CloudFront Demo

d37ji516vqgs9p.cloudfront.net

Web Application Firewall (WAF) Integration

• Protect your site from application-layer attacks

• Create web ACL’s containing rules and actions

• Attach web ACL to a CloudFront distribution

• Rule Examples:– Block traffic from specific IP addresses or ranges

– Block specific strings in the URI

– Guard against various forms of SQL injection

AWS WAF Demo

Route53

Domain Name Server (Public, Private) & Domain

Registration

• Fast, uses anycast network of DNS servers

• Cost Effective

• Secure

• Highly Available

• Region Independent

• DNS resolution within and among AWS VPCs

• Purchase a new domain name or transfer the management of your existing domain name to Route 53.

Routing To Regions

Algorithms

• Weighted Round Robin

• Least Latency (~GeoBased)

• Failover

US-East

EU

Health Checks

• DNS Failover, Defined by customer

US-East

EU

X

Zone Apex Support

"Zone apex" is the root domain of a website (example.com, without the

www).

Problem: The DNS specification requires "zone apex" to point to an IP

address (an ‘A’ record), not a CNAME (such as the name AWS provides

for a CloudFront distribution, ELB, or S3 website bucket).

Solution: Use Route 53’s ALIAS record.

Zone Apex Support

• Route 53 helps make it easy and reliable to configure a zone apex

record (Route 53 calls this an ‘Alias’ record) for AWS resources.

• You can now use CloudFront to deliver content from the root

domain, or "zone apex" of their website – i.e. configure both

http://www.example.com and http://example.com to point at the

same CloudFront distribution.

• It’s free – ‘Alias’ queries that are mapped to a CloudFront

distribution are provided free of charge.

US EastUS West - Oregon

54.172.163.146East-1681410680Image Bucket

Route 53

52.10.26.174

Route 53 Demo – Weighted Round Robin

OregonLB-1000846678

meetup.myorangecloud.org

Route 53 Traffic Flow

• Traffic Flow offers a visual interface in which users can drag and

drop elements of traffic routes into a graphical diagram for easier

management.

• Traffic Flow also includes a versioning feature that allows rollback to

previous versions of routing policies.

• This feature can greatly simplify complex routing configurations

• Traffic flow also lets you route traffic to non-AWS resources

Route 53 Traffic Flow Demo

Single Endpoint in a Nutshell

Static Videos/Images

Ad-US

Ad-EU

Single Endpoint

myapps.com/ads/

myapps.com/inventory/

myapps.com/click-through/

CloudFront

Route53

Click-US

Click-EU

Route53

Route53