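2. Topics covered in this talk
Overview of CDN-related AWS services
Improving performance, security and cost with a CDN
Implementing features with Lambda@Edge
- Origin storage migration problem
- Implementing pre-roll ads
- Implementing Adaptive Contents Delivery
Other CloudFront usage tips
(ROUTE53, CLOUDFRONT, SHIELD, WAF, Lambda@Edge)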
9. CloudFront
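Static/dynamic content acceleration service
HTTP/HTTPS service, Custom SSL support
Custom error responses
Cookie/header forwarding to the origin server
Various statistics reports
Content security: Signed URL, Signed Cookie
API call auditing: CloudTrail integration
Upload acceleration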
AMAZON CLOUDFRONT
11. North America (Cities: 19, PoPs: 27)
Ashburn, VA (3); Atlanta, GA (3); Chicago, IL; Dallas/Fort Worth, TX (2); Hayward, CA; Jacksonville, FL; Los Angeles, CA (2); Miami, FL; Minneapolis, MN; Montreal, QC; Newark, NJ; New York, NY (3); Palo Alto, CA; Philadelphia, PA; San Jose, CA; Seattle, WA; South Bend, IN; St. Louis, MO; Toronto, ON
South America (Cities: 2, PoPs: 3)
Rio de Janeiro, Brazil (2); São Paulo, Brazil
Europe / Middle East / Africa (Cities: 15, PoPs: 24)
Amsterdam, The Netherlands (2); Berlin, Germany; Dublin, Ireland; Frankfurt, Germany (5); London, England (4); Madrid, Spain; Marseille, France; Milan, Italy; Munich, Germany; Paris, France (2); Prague, Czech Republic; Stockholm, Sweden; Vienna, Austria; Warsaw, Poland; Zurich, Switzerland
Asia Pacific (Cities: 12, PoPs: 20)
Chennai, India; Hong Kong, China (3); Manila, the Philippines; Melbourne, Australia; Mumbai, India (2); New Delhi, India; Osaka, Japan; Seoul, Korea (3); Singapore (2); Sydney, Australia; Taipei, Taiwan; Tokyo, Japan (3)
CloudFront Regional Edge Caches (Regional Edge Caches: 9)
Oregon, N. Virginia, Frankfurt, Sao Paulo, Mumbai, Singapore, Seoul, Tokyo, Sydney
Map legend: Edge location; AWS Region / Regional Edge Cache; Regional Edge Cache
74 CloudFront Edge Locations (PoPs), 9 Regional Edge Caches (PoPs), 48 Cities, 5 Continents
22. Path Pattern Matching
CDN (CloudFront)
/*.* (DEFAULT) -> ORIGIN A: web
/images/* -> ORIGIN B: Images
/*.css -> ORIGIN C: CSS
GET http://www.example.com/do?login to ORIGIN A
GET http://www.example.com/images/logo.jpg to ORIGIN B
GET http://www.example.com/css/main.css to ORIGIN C
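40. Amazon Shield: Layer 3/4 protection
- Automatic detection and response
- Defense against common attack types (SYN/UDP Floods, Reflection Attacks, etc.)
- Combined with AWS services
Amazon WAF: Layer 7 protection
- Layer 7 application defense
- Custom rule based
- Web traffic filtering
- Blocking malicious requests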
43. Access Control to Origin
Amazon S3: Origin Access Identity (OAI)
- Prevents direct access to your Amazon S3 bucket
- Ensure performance benefits to all customers
Custom Origin: Block by IP address
- Whitelist only the Amazon CloudFront IP Range
- Protects origin from overload
- Ensure performance benefits to all customers
44. Auto updated CF IP Range
Diagram: CDN (CloudFront) -> [Update IP Range] -> Amazon SNS -> [SNS Message] -> AWS Lambda -> [Updating IP Range] -> security group
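The flow on slides 43 and 44, sketched as an added example that is not the presenter's Lambda code: it plans the security group change from an IP-range notification. The `md5` and `url` message fields and the `ip-ranges.json` layout follow AWS's published IP-range notification rather than anything on the slide; `fetch`, `max_rules` and the sample CIDRs are assumptions.

```python
import hashlib
import json

# Constructed sample in the ip-ranges.json layout (documentation CIDRs, not real ranges).
SAMPLE_BODY = json.dumps({"syncToken": "0", "prefixes": [
    {"ip_prefix": "192.0.2.0/24", "region": "GLOBAL", "service": "CLOUDFRONT"},
    {"ip_prefix": "192.0.2.0/24", "region": "GLOBAL", "service": "AMAZON"},
    {"ip_prefix": "198.51.100.0/24", "region": "GLOBAL", "service": "CLOUDFRONT"},
    {"ip_prefix": "203.0.113.0/24", "region": "us-east-1", "service": "EC2"},
]}).encode()

def cloudfront_cidrs(body, expected_md5):
    """Check the download against the md5 from the SNS message, then keep
    only the IPv4 prefixes published for the CLOUDFRONT service."""
    # MD5 here only detects a truncated or stale download; it is not a signature.
    if hashlib.md5(body).hexdigest() != expected_md5:
        raise ValueError("ip-ranges.json does not match md5 in SNS message")
    return {p["ip_prefix"] for p in json.loads(body)["prefixes"]
            if p["service"] == "CLOUDFRONT"}

def plan_update(current, desired, max_rules=60):
    """Return (to_authorize, to_revoke) for the origin's security group.
    max_rules is an assumed per-group rule quota; set it to your account's."""
    if not desired:
        # An empty list would revoke every rule and cut CloudFront off.
        raise ValueError("no CLOUDFRONT prefixes found; refusing to update")
    if len(desired) > max_rules:
        raise ValueError("prefix count exceeds security group rule quota")
    return sorted(desired - current), sorted(current - desired)

def handle_sns_event(event, fetch, current):
    """event: SNS-triggered Lambda event; fetch(url) -> bytes (hypothetical
    downloader); current: CIDRs now allowed on the origin's HTTP(S) port."""
    msg = json.loads(event["Records"][0]["Sns"]["Message"])
    desired = cloudfront_cidrs(fetch(msg["url"]), msg["md5"])
    return plan_update(set(current), desired)

if __name__ == "__main__":
    message = {"md5": hashlib.md5(SAMPLE_BODY).hexdigest(),
               "url": "https://ip-ranges.amazonaws.com/ip-ranges.json"}
    event = {"Records": [{"Sns": {"Message": json.dumps(message)}}]}
    # 203.0.113.0/24 stands for a stale rule left in the group.
    add, drop = handle_sns_event(event, lambda url: SAMPLE_BODY,
                                 {"192.0.2.0/24", "203.0.113.0/24"})
    print("authorize:", add, "revoke:", drop)
```

The returned lists are what a Lambda would pass to the EC2 authorize and revoke ingress calls; authorizing before revoking avoids a window in which no CloudFront range is allowed.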
53. Security Enhancements
Signed URL
Signed Cookies
Enforce HTTPS to origin
Support iOS ATS
Support for TLSv1.1 and TLSv1.2 between edge and origin
Add/Modify Request Headers Forwarded From CloudFront to Origin
Integration with AWS Certificate Manager (SNI Certs from Amazon)
Integration with AWS WAF (web application firewall)
Geographic Restriction
IPv6 Support
59. Based
3rd Party Solution
WiseN Monitoring System
AWS Cloud Watch
24x7x365 Monitoring System
Specialized NOC operation (Network Operation Center)
Price Discount Program
Managed CloudFront Program
64. Lambda@Edge Limits
Max memory setting: 128 MB
Maximum duration: 50 ms
Size of code/dependencies that you can zip into a deployment package (uncompressed zip/jar size): 1 MB
Maximum Global TPS: 100
86. After this talk…
The Lambda@Edge source code can be downloaded from
blog.wisen.co.kr
www.studyforcloud.com
16:20 – 17:00 Track3_Grand Ballroom 103
Global service management strategy using AWS edge services
88. https://www.awssummit.kr
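Take part in the session evaluation now through the AWS Summit mobile app and you will receive a souvenir after the event.
Share your impressions of the event on social media with the #AWSSummitKR hashtag.
The presentation materials and recorded video will be shared soon on the official AWS Korea social channels.
We look forward to your feedback!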