*Author: [Vincent Lau](https://www.linkedin.com/in/vincent-lau-30435bb6/)*

*Note: This material is intended for educational purposes only. All rights reserved. Any unauthorized sharing or copying of this material, in any form, to any individual or party, for any use without prior permission, is strictly prohibited.*

# AWS Series - CloudFront

In this chapter, we will set up an AWS CloudFront distribution for SSL offload before traffic reaches our private network. It's common to use AWS CloudFront as a layer in front of the ALB/EC2 instances.

![](https://hackmd.io/_uploads/S1x7kz8v2.png)

## What is AWS CloudFront?

**AWS CloudFront** is a fast and highly scalable content delivery network (CDN) service provided by Amazon Web Services (AWS). It helps deliver your content, including web pages, videos, images, and other static and dynamic files, to users around the world with low latency and high transfer speeds.

## Key features of AWS CloudFront

**HTTPS Support**: CloudFront supports secure content delivery over HTTPS. You can use your own SSL/TLS certificate or leverage AWS Certificate Manager (ACM) to obtain a free SSL/TLS certificate for your domain.

**Global Edge Network**: CloudFront operates through a global network of edge locations strategically located across the world. These edge locations are distributed across multiple continents and are designed to provide low-latency delivery to end users, reducing the distance and time required to transmit data.

**Content Caching and Acceleration**: CloudFront caches your content at the edge locations, allowing subsequent requests for the same content to be served from the nearest edge location. This caching mechanism helps reduce the load on your origin server and improves the overall performance of content delivery.

**High Scalability**: CloudFront automatically scales to handle varying levels of traffic and can accommodate traffic spikes without any manual intervention.
It leverages the global network of edge locations to handle high request volumes efficiently.

**Security and DDoS Protection**: CloudFront integrates with various AWS security services, such as AWS Shield and AWS Web Application Firewall (WAF), to provide protection against Distributed Denial of Service (DDoS) attacks and to help secure your applications and content.

**Customizable Content Delivery**: CloudFront allows you to configure various caching behaviors, origin protocols, and content delivery options to suit your specific requirements. You can control cache behaviors, set TTL (Time to Live) values, enable dynamic content delivery, and configure routing based on request headers.

**Real-time Monitoring and Analytics**: CloudFront provides real-time metrics, logs, and analytics through AWS CloudWatch, giving you visibility into the performance, usage, and health of your content delivery. You can monitor key metrics and set up alarms to track the performance of your distribution.

**Integration with AWS Services**: CloudFront seamlessly integrates with other AWS services, such as Amazon S3, Amazon EC2, AWS Lambda, and more. This integration allows you to leverage CloudFront for various use cases, including serving static website content, streaming media, and accelerating APIs.

With its global reach, scalability, and customizable features, AWS CloudFront enables you to deliver your content with high performance, low latency, and enhanced security to users worldwide. It is a valuable service for optimizing the delivery of web applications and content to improve user experience and application performance.
## Steps to Configure CloudFront

**Step 1**: Log in to your AWS account (aws.com)

**Step 2**: Select CloudFront

**Step 3**: Use Virginia as the Region (one of the regions in the US; you can also choose an Asia Region)

![](https://hackmd.io/_uploads/B1YZs9Uwn.png)

**Step 4**: Create distribution

- Create distribution

![](https://hackmd.io/_uploads/ryFLaqUPh.png)

- Choose the load balancer that you created in the previous chapter.

![](https://hackmd.io/_uploads/rkDZXIPwn.png)

- HTTP:80 only (this is the protocol used to connect to the ALB/EC2 instances)

![](https://hackmd.io/_uploads/BkRwNDPw3.png)

- No custom header in this exercise.
  - A custom header is useful for identifying the requests that passed through CloudFront for SSL offload.
- Redirect HTTP request(s) to HTTPS automatically.

![](https://hackmd.io/_uploads/rysgSIPPh.png)

- Allow most of the RESTful HTTP methods
- Disable Cache Policy
- CORS-CustomOrigin for Request header

![](https://hackmd.io/_uploads/ryOIvUwwh.png)

- Response with "CORS-With-Preflight"

![](https://hackmd.io/_uploads/ryodrUPv3.png)

- No WAF setup in this exercise
- Use all edge locations
- No CNAME

![](https://hackmd.io/_uploads/Hy-0SIvvn.png)

- A custom SSL certificate is not required. Leave it empty. CloudFront will provide one to you.
- Support HTTP 1.0/1.1/2.

![](https://hackmd.io/_uploads/S1Kk8Iwwh.png)

- After the above config, you may "Create distribution".
- You will find the domain name on the main page.

![](https://hackmd.io/_uploads/HyOZYUvP2.png)

## Validate Result

- Check the result via Postman
- Invoke the domain provided by the CloudFront distribution; the request traffic is redirected to the ALB that we configured in the previous chapter.

![](https://hackmd.io/_uploads/HJJNHDDD3.png)

![](https://hackmd.io/_uploads/BJi4Hvvw3.png)
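
The Step 4 choices (HTTP:80 to the origin, no custom header, redirect to HTTPS, no WAF) can be reviewed programmatically. The following is an added example, not part of the original chapter: it audits a distribution config in the shape returned by `aws cloudfront get-distribution-config`. `SAMPLE_CONFIG`, the origin id, the domain name and the finding codes are constructed for illustration.

```python
# Added example: audit a CloudFront DistributionConfig against this chapter's choices.
# SAMPLE_CONFIG is constructed; only the fields the audit reads are included.
SAMPLE_CONFIG = {
    "Origins": {"Quantity": 1, "Items": [{
        "Id": "alb-origin",                                    # hypothetical id
        "DomainName": "example-alb.us-east-1.elb.amazonaws.com",  # placeholder
        "CustomHeaders": {"Quantity": 0},                      # "No custom header"
        "CustomOriginConfig": {"HTTPPort": 80, "HTTPSPort": 443,
                               "OriginProtocolPolicy": "http-only"},  # "HTTP:80 only"
    }]},
    "DefaultCacheBehavior": {
        "TargetOriginId": "alb-origin",
        "ViewerProtocolPolicy": "redirect-to-https",           # "Redirect HTTP to HTTPS"
    },
    "WebACLId": "",                                            # "No WAF setup"
}


def audit_distribution(config):
    """Return (code, message) findings; the codes are this example's own labels."""
    findings = []
    if config["DefaultCacheBehavior"]["ViewerProtocolPolicy"] == "allow-all":
        findings.append(("VIEWER_HTTP_ALLOWED",
                         "viewers can use plain HTTP; use redirect-to-https or https-only"))
    for origin in config["Origins"].get("Items", []):
        oid = origin["Id"]
        custom = origin.get("CustomOriginConfig") or {}
        if custom.get("OriginProtocolPolicy") == "http-only":
            findings.append(("ORIGIN_PLAINTEXT",
                             f"{oid}: TLS ends at the edge; CloudFront-to-origin hop is plain HTTP"))
        if origin.get("CustomHeaders", {}).get("Quantity", 0) == 0:
            findings.append(("NO_ORIGIN_HEADER",
                             f"{oid}: no custom header marks requests that came through CloudFront"))
    if not config.get("WebACLId"):
        findings.append(("NO_WAF", "no WAF web ACL is attached to the distribution"))
    return findings


if __name__ == "__main__":
    for code, message in audit_distribution(SAMPLE_CONFIG):
        print(f"[{code}] {message}")
```

Run against the exercise's settings, it reports the plaintext origin hop, the missing custom header and the missing WAF, and nothing for the viewer side because HTTP is redirected to HTTPS.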