Introduction

AWS CloudFront is a content delivery network (CDN) service provided by Amazon Web Services (AWS). It is designed to deliver content, including static and dynamic web assets, streaming video, and APIs, to users with low latency and high transfer speeds. CloudFront works by distributing content through a worldwide network of data centers called edge locations.

Key Features and Characteristics

  1. Global Content Delivery: CloudFront uses a network of edge locations worldwide to cache and serve content closer to end-users, reducing latency.
  2. Integration with AWS Services: Seamlessly works with other AWS services like S3, EC2, and Elastic Load Balancing.
  3. Security Features:
  4. Origin Shield: An additional caching layer to reduce the load on your origin servers.
  5. Real-time Metrics: Provides detailed analytics and reporting through CloudWatch.
  6. Customizable Behaviors: Allows configuration of content delivery based on URL patterns, headers, and more.

SSL/TLS Certificate Requirements

Important Note: CloudFront requires SSL/TLS certificates to be in AWS Certificate Manager (ACM) in the us-east-1 Region.

This requirement is crucial for setting up secure HTTPS connections between users and CloudFront, and between CloudFront and your origin. Here's why:

To use a custom SSL certificate with CloudFront:

  1. Request or import the certificate in ACM in the us-east-1 Region.
  2. Associate the certificate with your CloudFront distribution.
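
The two steps above can be checked before deployment. The following is an added example, not code from AWS or the original page: it inspects a distribution configuration, shaped like the `DistributionConfig` object the CloudFront API returns, and reports when the associated ACM certificate is missing, malformed, or outside us-east-1. The function names, account ID and certificate IDs are constructed placeholders.

```python
REQUIRED_REGION = "us-east-1"  # Region the page says CloudFront requires for ACM certificates


def parse_acm_arn(arn):
    """Split arn:partition:acm:region:account:certificate/id into named fields."""
    parts = arn.split(":", 5)
    if len(parts) != 6 or parts[0] != "arn" or parts[2] != "acm":
        raise ValueError(f"not an ACM ARN: {arn!r}")
    if not parts[5].startswith("certificate/"):
        raise ValueError(f"ARN does not name a certificate: {arn!r}")
    return {"region": parts[3], "account": parts[4], "resource": parts[5]}


def check_viewer_certificate(dist_config):
    """Return a list of findings for one DistributionConfig dict (empty list = pass)."""
    cert = dist_config.get("ViewerCertificate") or {}
    arn = cert.get("ACMCertificateArn")
    if not arn:
        # Step 2 was never done: no ACM certificate is associated.
        return ["no ACMCertificateArn set on ViewerCertificate"]
    try:
        region = parse_acm_arn(arn)["region"]
    except ValueError as exc:
        return [str(exc)]
    if region != REQUIRED_REGION:
        # Step 1 was done in the wrong Region.
        return [f"certificate is in {region}; CloudFront needs it in {REQUIRED_REGION}"]
    return []


# Constructed sample configurations (placeholder account and certificate IDs).
SAMPLES = {
    "good": {"ViewerCertificate": {
        "ACMCertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/EXAMPLE-1",
        "SSLSupportMethod": "sni-only"}},
    "wrong-region": {"ViewerCertificate": {
        "ACMCertificateArn": "arn:aws:acm:eu-west-1:111122223333:certificate/EXAMPLE-2",
        "SSLSupportMethod": "sni-only"}},
    "unassociated": {"ViewerCertificate": {"CloudFrontDefaultCertificate": True}},
    "malformed": {"ViewerCertificate": {"ACMCertificateArn": "arn:aws:iam::111122223333:x"}},
}

if __name__ == "__main__":
    for name, config in SAMPLES.items():
        print(name, "->", check_viewer_certificate(config) or "OK")
```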

Limitations and Challenges