Overview

CloudFront is a fast and secure content delivery network that delivers the static and dynamic content of web applications with low latency from edge locations close to app users. Content on CloudFront can be secured using services and controls such as IAM policies, WAF, HTTP security headers, and encryption of data at rest and in transit. AWS provides 205 edge locations across regions to serve content from a location close to the user accessing it. AWS CloudFront provides the Lambda@Edge feature to further enhance the security, performance, and availability of content for end users. LTI has deep experience and expertise in building highly secure and efficient web applications and dynamic video content streaming use cases across domains, using cloud native architecture and content delivery networks such as AWS CloudFront and Akamai CDN.

To accelerate web application development, enterprises should develop a reusable content delivery layer that applications use to improve web-content performance, including static files and dynamic content. This layer should provide capabilities to prevent round trips and reduce the latency of web content requests to improve web page performance, enhance security, enable CORS capabilities and support cache invalidations. A few of the best practices and key learnings on AWS CloudFront from our engagements with various customers are highlighted below.

Key Learnings and Best Practices


Reusable caching layer
Enterprises should build a reusable caching layer for web application workloads to improve web-content performance (of both static and dynamic content), using the CloudFront CDN, AWS cloud PaaS services and the AWS Well-Architected Framework. This reusable caching layer helps to bring standardization and a unified security mechanism for accessing static and dynamic web content.

Right strategy for cache invalidation
Enterprises need the right cache invalidation strategy for CloudFront to ensure that content in the cache is the latest and to reduce the number of cache invalidation requests. There are several ways to invalidate the CloudFront cache: defining an appropriate TTL in the header, using the AWS CloudFront API, and enabling versioning on cached content. Enterprises should use any one or a combination of these methods to define the right cache invalidation strategy for their business needs.
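The three methods combine naturally in a deployment step. The sketch below is an added example, not LTI's or AWS's code: it versions assets by content hash with a long TTL, keeps a short TTL on entry points, and returns only the paths that still need a CloudFront API invalidation. The function names, the `ENTRY_POINTS` set and the TTL values are assumptions made for illustration.

```python
import hashlib
import posixpath

# Assumption: entry points keep a stable URL; every other asset is versioned.
ENTRY_POINTS = {"index.html"}
SHORT_TTL = "public, max-age=300"                  # assumed value
LONG_TTL = "public, max-age=31536000, immutable"   # assumed value

def versioned_key(path: str, body: bytes) -> str:
    """Embed a content hash in the object key so changed content gets a new URL."""
    digest = hashlib.sha256(body).hexdigest()[:12]
    root, ext = posixpath.splitext(path)
    return f"{root}.{digest}{ext}"

def plan_deploy(previous: dict, current: dict) -> dict:
    """previous/current map source path -> bytes.

    Returns the object keys to upload with their Cache-Control value, and the
    paths to send in a CloudFront invalidation request.
    """
    uploads, invalidate = {}, []
    for path, body in sorted(current.items()):
        if path in ENTRY_POINTS:
            uploads[path] = SHORT_TTL
            # Stable URL: the edge copy must be invalidated when content changes.
            if previous.get(path) != body:
                invalidate.append("/" + path)
        else:
            # New content means a new key, so no invalidation is ever needed.
            uploads[versioned_key(path, body)] = LONG_TTL
    # Entry points removed in this release must also leave the edge caches.
    for path in sorted(set(previous) - set(current)):
        if path in ENTRY_POINTS:
            invalidate.append("/" + path)
    return {"uploads": uploads, "invalidate": invalidate}

if __name__ == "__main__":
    # Constructed sample releases.
    old = {"index.html": b"<html>v1</html>", "js/app.js": b"console.log(1)"}
    new = {"index.html": b"<html>v2</html>", "js/app.js": b"console.log(2)"}
    print(plan_deploy(old, new))
```

Only `index.html` ends up in the invalidation list even though both files changed, which is how versioning reduces invalidation requests.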

Data protection
To protect data at rest and in transit, the following measures can be taken:
  • Use SSL/TLS encryption between the end user and CloudFront to protect the data.
  • Use CloudFront’s field-level encryption capability to encrypt sensitive data before a POST request is forwarded to your origin.
  • Enable server-side encryption (SSE) on origin servers to protect data at rest.
  • Protect access to secured static and dynamic content with role-based access control.
  • Ensure confidentiality and integrity of data using encryption.
  • Block bad requests and use AWS Shield for DDoS mitigation.
  • Externalize security configuration using a security vault.
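Several of these measures can be checked directly against a distribution's configuration. The following is an added example, not code from LTI or AWS: it audits a dictionary in the shape returned by the CloudFront `GetDistributionConfig` API. The two sample configurations are constructed, their IDs are placeholders, and treating every POST-capable behavior as needing field-level encryption is an assumed policy.

```python
# Minimum viewer TLS policies treated as weak here (assumed threshold: below TLS 1.2).
WEAK_TLS = {"SSLv3", "TLSv1", "TLSv1_2016", "TLSv1.1_2016"}

def audit_distribution(cfg: dict) -> list:
    """Return a list of findings for one CloudFront DistributionConfig dict."""
    findings = []
    behaviors = [("default", cfg.get("DefaultCacheBehavior", {}))]
    for b in cfg.get("CacheBehaviors", {}).get("Items", []):
        behaviors.append((b.get("PathPattern", "?"), b))
    for name, b in behaviors:
        # TLS between the end user and CloudFront.
        if b.get("ViewerProtocolPolicy") == "allow-all":
            findings.append(f"{name}: viewer HTTP allowed")
        # Assumed policy: POST-capable behaviors should use field-level encryption.
        methods = b.get("AllowedMethods", {}).get("Items", [])
        if "POST" in methods and not b.get("FieldLevelEncryptionId"):
            findings.append(f"{name}: POST without field-level encryption")
    if cfg.get("ViewerCertificate", {}).get("MinimumProtocolVersion") in WEAK_TLS:
        findings.append("viewer certificate: weak minimum TLS version")
    # TLS between CloudFront and custom (non-S3) origins.
    for origin in cfg.get("Origins", {}).get("Items", []):
        custom = origin.get("CustomOriginConfig")
        if custom and custom.get("OriginProtocolPolicy") != "https-only":
            findings.append(f"origin {origin.get('Id')}: not https-only")
    # Blocking bad requests relies on an attached WAF web ACL.
    if not cfg.get("WebACLId"):
        findings.append("no WAF web ACL attached")
    return findings

ALL_METHODS = ["GET", "HEAD", "OPTIONS", "PUT", "PATCH", "POST", "DELETE"]

# Constructed sample: weak settings.
WEAK = {
    "DefaultCacheBehavior": {"ViewerProtocolPolicy": "allow-all",
                             "AllowedMethods": {"Items": ALL_METHODS},
                             "FieldLevelEncryptionId": ""},
    "ViewerCertificate": {"MinimumProtocolVersion": "TLSv1"},
    "Origins": {"Items": [{"Id": "api", "CustomOriginConfig":
                           {"OriginProtocolPolicy": "http-only"}}]},
    "WebACLId": "",
}
# Constructed sample: corrected settings (IDs are placeholders).
HARDENED = {
    "DefaultCacheBehavior": {"ViewerProtocolPolicy": "redirect-to-https",
                             "AllowedMethods": {"Items": ALL_METHODS},
                             "FieldLevelEncryptionId": "EXAMPLE-FLE-ID"},
    "ViewerCertificate": {"MinimumProtocolVersion": "TLSv1.2_2021"},
    "Origins": {"Items": [{"Id": "api", "CustomOriginConfig":
                           {"OriginProtocolPolicy": "https-only"}}]},
    "WebACLId": "EXAMPLE-WEB-ACL-ARN",
}
```

Server-side encryption on the origin bucket and AWS Shield coverage are not part of the distribution configuration and have to be checked separately.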

Cost optimization
To optimise the cost of the web content caching component, the following measures can be taken:
  • Use the Cache-Control header to control the time-to-live span for each object.
  • Use the right region for the S3 bucket and edge, because the in/out data transfer price per request is lower if both S3 and edge locations are close to the user.
  • Configure an object lifecycle policy on the S3 bucket to move less frequently used objects to cheaper storage options such as S3 IA and Glacier for content retention.
  • Minify static and dynamic content before hosting it on the S3 bucket.

Reliability
To improve the fault tolerance of web applications that have high availability requirements, the content origin S3 bucket should be configured across multiple regions.

Operational excellence
Logging and monitoring are crucial to ensure the reliability, availability, and performance of web applications. The solution should implement observability using the right combination of open-source tools and cloud PaaS services. Whether the strategy is single-cloud or multi-cloud should be taken into consideration when deciding on the observability tools and solution.

Our Experiences


Large-scale application modernization for a leading American multinational consumer goods corporation
LTI has helped to modernize the HR portfolio into a serverless cloud native application to improve employee efficiency and reduce the cost of ownership. The solution uses AWS CloudFront as the content delivery network to serve static and dynamic content to employees across the globe. The security of the static and dynamic content is enhanced by using WAF, IAM policies and security best practices for Lambda@Edge services.

Building a workflow platform for an American multinational oil and gas corporation
LTI has helped the customer to build a platform that enables engineers to review and approve about 15,000 documents in a span of 10 working days. The solution has helped the customer to improve the operational efficiency of employees and enabled them to accelerate the document approval process. The solution uses AWS CloudFront as the content delivery network for serving static and dynamic content to application users with optimal performance.

LTI’s Service Offerings for CloudFront


1. Consulting
Our consulting service offering focuses on tool-based and domain-led application assessment using the LTI Infinity platform and a design thinking approach. This assessment helps to build the target cloud architecture for web applications using AWS CloudFront as the content delivery network. LTI also helps customers to evaluate the CloudFront CDN against other commercial CDNs, such as Akamai and Microsoft CDN, on the cost, performance, caching, and security capabilities of the CDN providers.

2. Application Modernization
LTI has deep expertise in transforming customer-facing web applications into cloud native or serverless PaaS-based architecture. LTI helps customers to improve website performance using CloudFront as the content delivery network for static and dynamic content. With our deep expertise and experience in CloudFront, LTI ensures high security standards are maintained for the content hosted on CDN networks using encryption and Lambda@Edge services.

3. DevOps Engineering
LTI DevOps engineering services help to instantly configure CloudFront to accelerate app development and automate app deployments.

LTI’s Accelerators

This platform is equipped with efficiency kits for application assessment, development, deployment, FinOps, Operations and DevOps tools to accelerate web application development.
PaaSify App Assessment framework for understanding the health of legacy applications. Technology insights gathered through this assessment help to define the target web application architecture.
Architecture blueprints and best practices: Web application architecture blueprints and best practices help to correctly implement the CloudFront CDN to ensure optimum security and performance in delivering static and dynamic content.
Canvas DevOps: Self-service DevSecOps platform that helps to automate the configuration of the CloudFront CDN and application deployments.

Conclusion

AWS CloudFront can enhance web application content delivery to end users and improve their experience. The right use of caching strategy, the Well-Architected Framework, best practices and tools will help to enhance speed, cost, availability, and security.
With the LTI Infinity platform, architecture blueprints and best practices, LTI has helped customers across Banking, Insurance, Media, Manufacturing and Utility to modernize or develop their customer-facing application portfolios using the AWS CloudFront CDN.

Case Studies

Application Modernization for US-based Multinational Conglomerate
Modernization of the Enterprise with Advanced Workflows to Accelerate Business Decisions

Leading American Oil and Gas corporation
Improving Employee Efficiency and Tracking with the Modernize Employee Portal