Learning Objectives: • Learn how to use CloudFront dynamic delivery features • See a live demo and learn how to take advantage of Cloud Front newest features Traditionally, content delivery networks (CDNs) were designed to accelerate static content. Amazon CloudFront supports delivery of an entire website, including dynamic, static, streaming and interactive content using a global network of edge locations. CloudFront integrates with other AWS services that are built to scale massively. Together, the solution can automatically scale to millions of users by leveraging the global reach of CloudFront and the auto scaling capability of AWS platform. In this talk, we introduce you to various design patterns and best practices to build a massively scalable solution using CloudFront. We discuss how this scale can be achieved without compromising on availability, security or cost.

1. Scaling to Millions of Users in the
Blink of an Eye with Amazon
CloudFront: Are you Ready?
April 25, 2017
Nihar Bihani
Sr. Manager, Product Management, Amazon CloudFront
@cloudfront

2. Could this be you?
• Have you had to prepare for a big online event (launch,
announcement, presentation)?
• Have you had a surprise surge in traffic you didn’t
expect?
• Has there been outages or performance issues related
to these traffic spikes?
@cloudfront

3. Today’s session
• (A) Understand the types of events that could cause
large traffic spikes
• (B) Learn how CloudFront helps with these challenges
• (C) Review CloudFront best practices to further
prepare for large scale events
@cloudfront

4. (A) Understand the types
of events that could
cause large traffic spikes
@cloudfront

5. Type #1: Anticipated surge
• New product launch or a marketing promotion
• Live broadcast
• Partner conducts a “load test”
@cloudfront

6. Type #2: Going viral
• Article picked up by major news outlet
• Twitter pickup
• Social media campaign has larger impact than
anticipated
@cloudfront

7. Type #3: Undesired traffic
• Application DDoS
• Bots & Scrapers
@cloudfront

8. But if we don’t anticipate the
traffic, how do we plan for it?
@cloudfront

9. Regardless of type
• Preparation is independent of cause
• Most common failure points are incorrect caching
policies and an unscaled origin
@cloudfront

10. 25,000 RPS
25,000 RPS
25,000 RPS
25,000 RPS
5,000 Mbps
5,000 Mbps
5,000 Mbps
5,000 Mbps
Network
Hosts
Clients Clients
Typical architecture
@cloudfront

11. Impact of flash crowds
• High request rates happen faster than application
scales, creating 500-series errors
• High data transfer volume saturates network interfaces,
increasing retransmits and “browning out” the network
Not only will latency be increased, but some users won’t
get any content at all!
@cloudfront

12. Poll
Have you experienced an outage or
a performance issue due to a large
traffic spike to your application?

13. (B) Learn how CloudFront
helps with these challenges
@cloudfront

14. Level Set: What is a CDN and Why Use One?
• Content Delivery Network
• Large Distribution of Caching Servers
• Routes Viewers to the Best Location
• Caches Appropriate Content at the Edge
• Accelerates Dynamic Content
• Provides Security, Scalability and Performance of Applications
@cloudfront

15. Amazon CloudFront
• Global Content Delivery Network with Massive Capacity
• Optimized for Performance and Scale
• Built in Security Features
• Self-Service, Full Control Configurations
• Real-Time Metrics & Alarms
• Static and Dynamic Object and Video Delivery
Amazon
CloudFront
@cloudfront

16. Dynamic
Static
Video
User
Input
SSL
Amazon CloudFront: Whole Site Delivery
@cloudfront

17. Elastic Load
Balancing
Dynamic Content
Amazon EC2
Static Content
Amazon S3 Custom Origin
OR
OR
Custom Origin
Amazon CloudFront
example.com
*.jpg
*.php
Accelerate ALL Types of Content
@cloudfront

18. How CloudFront helps…
@cloudfront

19. #1 - Global Content Delivery Network
North America
Cities: 19
PoPs: 26
South America
Cities: 2
PoPs: 3
Rio de Janeiro, Brazil (2)
São Paulo, Brazil
Europe / Middle East / Africa
Cities: 15
PoPs: 24
Amsterdam, The Netherlands (2)
Berlin, Germany
Dublin, Ireland
Frankfurt, Germany (5)
London, England (4)
Madrid, Spain
Marseille, France
Milan, Italy
Munich, Germany
Paris, France (2)
Prague, Czech Republic
Stockholm, Sweden
Vienna, Austria
Warsaw, Poland
Zurich, Switzerland
Ashburn, VA (3)
Atlanta, GA (3)
Chicago, IL
Dallas/Fort Worth, TX (2)
Hayward, CA
Jacksonville, FL
Los Angeles, CA (2)
Miami, FL
Minneapolis, MN
Montreal, QC
Newark, NJ
New York, NY (3)
Palo Alto, CA
Philadelphia, PA
San Jose, CA
Seattle, WA
South Bend, IN
St. Louis, MO
Toronto, ON
CloudFront Regional Edge Caches
Regional Edge Caches: 11
Oregon, N. Virginia, Ohio, Frankfurt,
London, Sao Paulo, Mumbai, Singapore,
Seoul, Tokyo, Sydney
74 CloudFront Edge Locations (PoPs), 11 Regional Edge Caches (PoPs), 48 Cities, 5 Continents
Edge
location
AWS Region /
Regional Edge Cache
Regional Edge
Cache
Asia Pacific
Cities: 12
PoPs: 20
Chennai, India
Hong Kong, China (3)
Manila, the Philippines
Melbourne, Australia
Mumbai, India (2)
New Delhi, India
Osaka, Japan
Seoul, Korea (3)
Singapore (2)
Sydney, Australia
Taipei, Taiwan
Tokyo, Japan (3)

20. Latency Based Routing
• What matters to customers is end-user latency
• Continuously learn latency distance from billions of real user
measurements
@cloudfront
Singapore
DNS Resolver
Singapore
TCP Connect 1.2.3.4
HTTP/1.1
GET /example.jpg
DNS response
d123.cloudfront.net
1.2.3.4
DNS query
d123.cloudfront.net
Routing Engine Maps
Resolvers/Viewer Networks =>
Edge Location
Tokyo
1.2.3.4
Anonymous Latency
measurements from real
users

21. Support for EDNS0 Client Subnet
• Client-subnet extension to DNS allows a portion of the
viewer's IP address to be supplied in DNS requests
• Map viewer networks to optimal edge locations
@cloudfront

22. CloudFront Regional Edge Caches
Europe
Frankfurt, Germany
London, EnglandNorth America
N Virginia,
Oregon,
Ohio
Asia Pacific
Mumbai, India
Singapore
Sydney, Australia
Seoul, South Korea
Tokyo, Japan
South America
São Paulo, Brazil
11 Regional Edge Caches around the world..
@cloudfront

23. CloudFront Regional Edge Caches
Origin
Regional Edge Cache
Reducing load on CloudFront origin resources
Origin
Edge Locations
Previous Architecture New Default Architecture
@cloudfront

24. #2 – Built-In Content Optimizations
 Collapse multiple requests for the same object back to the
origin
 Serve stale content when origin is unavailable
 Video optimizations for Smooth Streaming
@cloudfront

25. #3 – Default Network Optimizations
 TCP Window Scaling & Persistent TCP Connections to
reduce Round-Trip Time
 Amazon Global network
@cloudfront

26. #4 – End-to-End Security
 HTTPS delivery with SSL/TLS termination close to viewers
 High security ciphers
 Perfect Forward Secrecy
 TCP Fast Open
 Caching Session Tickets
 Online Certificate Status Protocol (OCSP) Stapling
@cloudfront
edge
location
Origin
User Request A

27. Pop Quiz
Are there performance benefits in
delivering dynamic content via
CloudFront?

28. (C) CloudFront best
practices to further prepare
for large scale events
@cloudfront

29. #1
Use Caching
@cloudfront

30. Use caching up and down the stack
• Database access: Amazon ElastiCache
• Origin web tier: Squid/Varnish/Nginx
• Edge: Amazon CloudFront
• Browser
@cloudfront

31. Caching protects servers
2,500 RPS
Network
Hosts
Clients Clients
Cache
2,500
RPS
2,500 RPS
2,500
RPS
Cache

32. Caching protects network
500 Mbps
Network
Hosts
Clients Clients
Cache
500
Mbps
500 Mbps
500
Mbps
Cache
@cloudfront

33. Browser Caching
• Set max-age or expiry date in your headers
(e.g. Cache-Control: max-age=3600)
• HTML5 application cache
• Helps eliminate network latency
• But… browser cache size is limited
(e.g. IE is 8-50M, Chrome is < 80M, Firefox is 50MB, etc.)
@cloudfront

34. CloudFront Edge Caching
• Set High TTLs for intermediary caches
(e.g. Cache-Control: max-age=3600, s-maxage=86400)
• Don’t forward Headers, Query Strings or Cookies
Note: You do need to forward the relevant headers if you’re doing CORS
• In other words, use CloudFront defaults
@cloudfront

35. #2
Cache everything Possible
(including Dynamic Content)
@cloudfront

36. Cache Everything Possible
CloudFront supports TTLs as low as 0 seconds, no-cache, no-
store, etc.
Most content can be cached, even if it is for a few seconds
Benefits of setting a low TTL
• CloudFront supports “If-Modified-Since” and “If-None-Match” when object in the cache has
expired
• CloudFront will serve stale content if origin is unavailable and object is in cache
• Helps you offload your origin load
@cloudfront

37. #3
Use multiple cache behaviors
@cloudfront

38. Use Multiple Cache Behaviors
ONLY forward required headers
• Example: don’t forward cookies for /images
Avoid forwarding the User-Agent header
• Instead use the Is-Mobile-Viewer, Is-Tablet-Viewer, Is-Desktop-Viewer, or Is-SmartTV-Viewer header values
Avoid forwarding ALL cookies
• Instead, forward only the select cookies that you use to vary your content
@cloudfront

39. #4
Optimize the end-to-end
Network Path
@cloudfront

40. Use HTTP/2 and Configure Keep-Alive Timeout
• Enable HTTP/2 between CloudFront and Clients. HTTP/2 is a
major revision of the HTTP protocol and uses several features to
make page loading and rendering faster:
− Multiplexing: allows multiple requests between client and CloudFront at the same time
over a single connection
− Header compression: Reduces overhead bytes downloaded by client, especially useful
for mobile clients
− Stream priority: Enables client to control order in which web assets are delivered
• Keep Alive Timeout. You can now configure the maximum time that
CloudFront will maintain an idle connection with a custom origin
server before closing it.
@cloudfront

41. #5
Scale your origin
@cloudfront

42. Using Auto Scaling effectively
in web applications
@cloudfront

43. #6
Let your origin do only the
work it needs to do
@cloudfront

44. Use Amazon S3 for Static Assets
• Free data transfer from Amazon S3 to CloudFront
• Decrease load on web server
• Highly available & scalable
@cloudfront

45. Pop Quiz
Can you run custom compute at a
CloudFront location?

46. Use Lambda@Edge
• Lambda@Edge is an extension of AWS Lambda that allows you to run
Node.js code at AWS global edge locations.
• Bring your own code to the edge and customize your content very close to
your users, improving the end-user experience.
Continuous
scaling
No servers
to manage
Never pay for idle
– no cold servers
Globally
distributed
@cloudfront
Sign up for preview: https://pages.awscloud.com/lambda-at-edge-preview.html

47. CloudFront Triggers for
Lambda@Edge Functions
@cloudfront

48. • User Properties – Identify a user’s location
• Client Device properties - Delete or modify
headers
• A/B Testing - “Flip a coin” to select a version of
content
• Ad content - Rewrite URLs
• Pretty URLs – Avoid revealing your origin
directory structure
Content Customization
@cloudfront

49. Visitor Validation
• Handling bots
• Detect search engine bots and filter traffic
• Confirm valid sessions
• View user-agent to confirm legitimacy of
request
@cloudfront

50. #7
Configure Custom Error
Pages
@cloudfront

51. Always Configure Custom Error Pages
Custom error pages help improve
customer experience
Deliver error pages from Amazon
S3
Set low error caching minimum
TTL (e.g. 15 seconds)
@cloudfront

52. Poll
Have you looked into securing your
cloud infrastructure at the edge?

53. #8
Use AWS WAF
@cloudfront

54. What is AWS WAF
@cloudfront
https://aws.amazon.com/waf/

55. HTTP floods
Scanners and probes
SQL injection
Bots and scrapers
IP reputation lists
Cross-site scripting
Preconfigured Protection
@cloudfront

56. CloudFront: How To Get Started
@cloudfront

57. CloudFront Getting Started
CloudFront Free Tier
@cloudfront
Using Amazon S3?
CloudFront Developer Guide: Using
CloudFront with Amazon S3
Using Elastic Load Balancing?
https://aws.amazon.com/cloudfront/webi
nars/#slack-video

58. Upcoming Amazon CloudFront Office Hours
CloudFront Office Hours
Thursday, April 27th, 2017 10:00 am PDT
How do you register?
https://aws.amazon.com/cloudfront/events/
@cloudfront

59. Questions?
@cloudfront

60. Thank You
@cloudfront
https://aws.amazon.com/cloudfront/getting-started/