Worldwide, millions of customers are actively using AWS to build applications for every imaginable use case, with a variety of regions in which they can deploy infrastructure. An AWS Region is a physical location where AWS clusters data centers and operates regional services, like AWS Elastic Compute Cloud (EC2) and Amazon Simple Storage Service (S3). In the specific case of online applications, user traffic may traverse multiple public networks to reach an AWS customer’s regional infrastructure.

Customers who want to address the drawbacks of traversing uncontrolled networks in terms of performance and reliability should consider adding AWS edge services to their architectures. AWS edge services like Amazon CloudFront and AWS Global Accelerator operate across hundreds of worldwide distributed Points of Presence (PoPs) outside of AWS Regions. Users are served from these PoPs within 20 to 30 milliseconds on average, and, when needed, their traffic is carried back to customers’ regional infrastructure over the AWS global network instead of going over the public internet.

The AWS Global Infrastructure is a purpose-built, highly available, and low-latency private infrastructure built on a global, fully redundant, metro fiber network that is linked via terrestrial and trans-oceanic cables across the world.

Figure 1: A map of the AWS Global Infrastructure network

In addition to performance and reliability, AWS edge services help customers enhance their resiliency against infrastructure Distributed Denial of Service (DDoS) attacks. AWS edge services customers benefit from a larger and more distributed DDoS mitigation system, providing a mitigation capacity of multiple hundreds of Tbps across PoPs. AWS edge services also employ advanced DDoS mitigation techniques such as SYN Proxy, which provides protection against SYN floods by sending SYN cookies to challenge new connections before they are allowed to continue upstream. In this blog, I explain how online applications can be well-architected using CloudFront and Global Accelerator.

CloudFront, a foundational component for web applications

Amazon CloudFront is Amazon’s Content Delivery Network (CDN). To use this service, customers create a CloudFront distribution, configure their origin (any origin that has a publicly accessible domain name), attach a valid TLS certificate using Amazon Certificate Manager, and then configure their authoritative DNS server to point their web application’s domain name to the distribution’s generated domain name.