AWS Black Belt Tech Series: Amazon CloudFront

Amazon CloudFront, AWS Black Belt Tech Webinar 2014 (formerly the Meister Series), Amazon Data Services Japan K.K., Solutions Architect 迫 清訓, 2014.12.17

Transcript of AWS Black Belt Tech Series: Amazon CloudFront

  • Amazon CloudFront: AWS Black Belt Tech Webinar 2014, 2014.12.17

  • Agenda

    1. Contents Delivery Network2. 3. 4. 5. & 6. Pricing7.

  • Contents Delivery Network

  • Contents Delivery Network

    Amazon CloudFront

    CDN

  • Contents Delivery Network

    Amazon CloudFront

    Internet

    DB

    CloudFront DNS

    Edge Location

    IP(xxx.cloudfront.net)

    Edge

    Edge

    DNS

    EDNS-Client-Subnet

  • Europe Amsterdam, Netherlands(2) Dublin, Ireland Frankfurt, Germany (3) London, England (3) Madrid, Spain Marseille, France Milan, Italia Paris, France (2) Stockholm, Sweden Warsaw, Poland

    Asia Chennai, India Hong Kong, China(2) Mumbai, India Manila, Philippines Osaka, Japan Seoul, Korea Singapore (2) Taipei, Taiwan Tokyo, Japan(2)

    South America Sao Paulo, Brazil Rio de Janeiro, Brazil

    North America Atlanta, GA Ashburn, VA (3) Dallas, TX (2) Hayward, CA Jacksonville, FL Los Angeles, CA(2) Miami, FL New York, NY (3) Newark, NJ Palo Alto, CA San Jose, CA Seattle, WA South Bend, IN St. Louis, MO 201412

    52 Edge Locations

    Australia Melbourne, Australia Sydney, Australia

    http://aws.amazon.com/jp/cloudfront/details/

  • Amazon CloudFront

    (52) 201412

    ()

    ()

    ()

    (GUI15)

  • CDN

    CloudFront Edge

    Edge Capacity

    CloudFront Edge

    Edge Capacity

  • CDN

    CloudFront Edge

    Edge Capacity

    CDN

    DNS(Route53)

  • CloudFront Distribution

    Distribution AWS Management ConsoleAPI WebRTMP Distribution 1Gbps1,000RPS

    xxxx.cloudfront.netDistribution

    CNAME CNAME (: *.example.com) Route53Zone Apex (: example.com)

  • CloudFront Edge

    PROXY

    CACHE

    Web Distribution

    /HTTP HTTP / HTTPS

    GET, HEAD, OPTION() (Cache) PUT, POST, DELETE, OPTION, PATCH (Proxy)

    Internet Range GET

    GET, HEAD, (OPTION)

    PUT, POST, DELETE, OPTION, PATCH PUT, POST, DELETE, OPTION, PATCH

    GET, HEAD, (OPTION)

  • GET / HEAD / OPTION() 20GB

    Cache Control24 (Web)

    Header (None / Whitelist / All) Cookie (None / Whitelist /All) Query Strings (No / Yes)

    URL

  • HTTPCloudFrontMinimum TTL

    CloudFront Minimum TTL

    Minimum TTL = 0() Minimum TTL >0

    HTTP

    Cache-Control max-age

    max-age

    max-ageMinimum TTL

    Cache-Control 24 24Minimum TTL

    Cache-Control max-ages-maxage

    s-maxagemax-age

    s-maxageMinimum TTLmax-age

    Expires Expires ExpiresMinimum TTL

    Cache-Control no-cache, no-store Minimum TTL

    HTML Meta HTTP Cache-Control Pragma CloudFront S3 Metadata HTTP

  • Invalidation() 3Invalidation 1Invalidation1,000 AWS Management ConsoleAPI Invalidation10-15

    AWS Management ConsoleInvalidation

    AWS SDK / CLI / API

  • Header, Cookie, Query Strings()

    URL(Behavior)

    Whitelist

  • Header Header

    CloudFront CloudFront

    Type Header

    CloudFront-Forwarded-Proto HTTPHTTPS

    CloudFront-Is-Mobile-Viewer, CloudFront-Is-Tablet-Viewer, CloudFront-Is-Desktop-Viewer

    User-AgentTrue/False

    CloudFront-Viewer-Country IP (ISO-3166-1 alpha-2)

  • Cookie Cookie CloudFrontCookie Cookie

    Cookie Cookie

  • Behaviors

    Behaviors Path Pattern 0 1)/*.jpg, /image/*, /image/a*.jpg, /a??.jpg

    img/*

    api/item*

    *

    Behavior Cache TTL()http://www.aws.com/

    Cache-control: no-cache, no-store

    img/item01.jpg

    api/item?id=10index.jsp

    Custom TTL

    30 Days

    Custom TTL

    10 min

    Use Origin

    S3

  • CloudFront

    S3

    400,403,404,405,414,500,501,502,503,504 5(300)

    CloudFront

  • Amazon S3Web4XX

    XXS3(4XX)

    5XX(4XX)

    4XX

    CloudFront

    S3

    Custom

    Error Page

    Custom Error Page

    Custom Error Page

    4XXCloudFront

    XXCloudFront

  • HTTPS ( / HTTPS SSL ( / / SNI) GEO (Whitelist / Blacklist) URL () CloudTrail

  • SSL

    cloudfront.netSSL

    SSL X.509 PEM2048bit CloudFrontSSL

    Domain Validated, Extend Validated, Wildcard, Subject Alternative Name

    SNI(Server Name Indication)SSL CloudFrontSSLSSL

    SNI

    Windows XPIE, Android 2.2, 1.7Java

  • SSL

    1. IAM CLI2. CloudFrontDistribution

    3. CNAME4. SNI5. CNAMEDistributionDomain

    DNS

  • GEO

    BlacklistWhitelist Distribution 403

    CloudFront Edge

    GEO Restriction

  • URL

    URL

    Behavior

    (Canned Policy)

    (Custom Policy) IP

    CloudFront Edge

    URL

    URL

    URL

    CloudFrontPrivate Key

  • URL

    URL WebRTMP

    Web TCP

    RTMP 403 URL

    Query Strings

    Canned Policy: http://xxxx.cloudfront.net/file.jpg?Expires=XXX&Signature=XXX&Key-Pair-Id=XXX

    Custom Policy: http://xxxx.cloudfront.net/file.jpg?Policy=XXX&Signature=XXX&Key-Pair-Id=XXX

    CloudFrontSignature (Perl / PHP / C# + .NET Framework / Java)

    http://docs.aws.amazon.com/ja_jp/AmazonCloudFront/latest/DeveloperGuide/PrivateCFSignatureCodeAndExamples.html

  • URL

    Amazon S3Origin Access Identity(OAI)

    S3BucketCloudFront

    CloudFrontIP CloudFrontIPURL

    https://ip-ranges.amazonaws.com/ip-ranges.json JSON

    ServiceCLOUDFRONT

    CloudFront Edge

    S3

    OAI

    IP

  • CloudFront

    Amazon S3 HTTP()

  • Amazon S3 RTMP (Flash Media Server)

    DistributionRTMP RTMP, RTMPE, RTMPT, RTMPET

    Smooth Streaming DistributionWebSmooth Streaming

    HLS (Http Live Streaming) DistributionWeb

    RTMPSmooth StreamingS3 (FLV, MP4, iSMV, HLS)

    CloudFront EdgeS3

    RTMP/RTMPE/RTMPT/RTMPETFlash Player /

    Silverlight Player HTTP/HTTPS

  • HTTP AWS CloudFormation

    CloudFront EdgeEC2

    Flash Player / Silverlight Player

    HTTP/HTTPS

    AWS CloudFormation

    Template

    LIVE

  • CloudFormation CloudFront Adobe Media Server HTTP http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/LiveStreamingAdobeMediaServer5.0.html

    CloudFront IIS Media Service Smooth Streaming http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/IISLiveSmoothStreaming4.1.html

    CloudFront Wowza HTTP http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/live-streaming-wowza.html

  • &

  • CloudFront Reports & Analytics

    Cache Statistics

    Monitoring and Alarming

    Popular Objects

    Top Referrers

    Usage

    Viewers

    Cache Statistics / Popular Objects / Top Referrers / Usage / Viewers: AWS Management Console

  • CloudFront Reports & Analytics

    Cache Statistics / Popular Objects / Usage /Top Referrers / Viewers CloudFront

    60 1 3Delay

    DistributionDistribution

    Monitoring and Alarming

    Cloudwatch

    35Delay

  • CloudFront Reports & Analytics

    Cache Statistics Total Request

    Percentage of Viewer Requests by Result Type

    CacheHit/Miss/Error Bytes Transferred to Viewers

    Miss Hit

    HTTP Status Codes 2XX, 3XX, 4XX, 5XX

    Percentage of GET Requests that Didn't Finish Downloading GET

  • CloudFront Reports & Analytics

    Usage Number of HTTP Requests

    HTTP Number of HTTPS Requests

    HTTPS Data Transferred over HTTP

    HTTP Data Transferred over HTTPS

    HTTP Data Transferred from CloudFront Edge Location to Your Users

    CloudFront Edge Data Transferred from CloudFront to Your Origin

    CloudFront Edge

  • CloudFront Reports & Analytics

    Popular Objects DistributionTop 50

    Object Requests Hits, Hit %, Misses Total Bytes, Bytes From Misses, Incomplete Download, Response Code

  • CloudFront Reports & Analytics

    Top Referrers DistributionTop 25

    Referrers Request Count Request %

  • CloudFront Reports & Analytics

    Viewers Distribution

    Browsers

    Operating Systems

    OS OS

    OS Locations

    Location

    Location (Request Count/Request%/Bytes)

  • CloudFront Reports & Analytics

    Monitoring and Alarming Cloudwatch CloudFrontCloudwatchVirginia

    4xxErrorRate, 5xxErrorRate, TotalErrorRate BytesDownloaded, BytesUploaded Requests

  • Access Log

    CloudFront S3 Bucket

    Bucket

    date (UTC)

    time (UTC)

    x-edge-location ID

    sc-bytes Byte()

    c-ip IP

    cs-method HTTPMethod

    cs-uri-stem URI

    sc-status

    cs(Referer)

    cs(User-Agent)

    cs-uri-query Query Strings

    cs(Cookie) Cookie

    x-edge-result-type Hit / RefreshHit (Expire) / Miss / LimitExceeded (CloudFront) / CapacityExceeded / Error

    x-edge-request-id CloudFrontID

    x-host-header Host Header

    cs-protocol (http / https)

    cs-bytes Byte()

    time-taken CloudFrontLastByte

  • Access Log

    S3 Bucket 1S3

    Kinesis 1

    CloudFront Edge

    Kinesis

    S3 Bucket

  • CloudFront &

    CloudFront

    S3

    Management Console

    Cache Statistics / Popular Objects / Top Referrers / Usage / Viewers

    Cloudwatch Monitoring and Alarming/

    Access Log

    Redshift

    EMR

  • & TIPS

  • Amazon CloudFront

    Web

    Web

    CloudFront

    S3

    CMS

    Web

    CloudFront

    HeaderClientPOST

    Web(mod_rewrite)CloudFront

    CMS

  • Amazon CloudFront

    Web

    Web

    CloudFront

    S3

    S3

    CMS

    AWS CLI / SDK

  • Amazon CloudFront

    CloudFront

    S3

    Elastic Transcoder

    Flash (RTMP/RTMPE/RTMPT/RTMPET)

    HTTP Live Streaming (HLS)

    Smooth Streaming

  • Amazon CloudFront

    CloudFront

    HTTP

    Flash (RTMP/RTMPE/RTMPT/RTMPET)

    HTTP Live Streaming (HLS)

    Smooth Streaming

    AWS CloudFormation

    Template

    LiveEncoder

    LIVE Internet

    EC2

  • DNS

    Route 53DNS Lookup CloudFrontAlternative Domain NameRoute53TypeCNAMEAAlias

    > nslookup cdn.awssummit.co.jp

    Server: 192.168.2.1

    Address: 192.168.2.1#53

    Non-authoritative answer:

    cdn.awssumit.co.jp canonical name = dxxxx.cloudfront.net.

    Name: dXxxx.cloudfront.net

    Address: 54.230.234.XXX

    Name: dXXXX.cloudfront.net

    Address: 54.230.234.XXX

    :

    CNAME A Record + Alias

    cdn.awssummit.co.jp.

    > Nslookup cdn.awssummit.co.jp

    Server: 192.168.2.1

    Address: 192.168.2.1#53

    Non-authoritative answer:

    Name: cdn.awssumit.co.jp

    Address: 54.230.234.XXX

    Name: cdn.awssumit.co.jp

    Address: 54.230.234.XXX

    Name: cdn.awssumit.co.jp

    Address: 54.230.235.XXX

    :

  • /

    Cloudwatch Alarm Request

    TotalErrorRate

  • Pricing

  • CloudFront

    SSL

    EC2 S3

    201412

    TB/ $0.085 $0.085 $0.140 $0.140 $0.250 $0.140 $0.170

    40TB/ $0.080 $0.080 $0.135 $0.135 $0.200 $0.135 $0.130

    100TB/ $0.060 $0.060 $0.120 $0.120 $0.180 $0.120 $0.110

    350TB/ $0.040 $0.040 $0.100 $0.100 $0.160 $0.100 $0.100

    524TB/ $0.030 $0.030 $0.080 $0.080 $0.140 $0.095

    4PB/ $0.025 $0.025 $0.070 $0.070 $0.130 $0.090

    5PB/ $0.020 $0.020 $0.060 $0.060 $0.125 $0.085

    HTTP $0.0075 $0.0090 $0.0090 $0.0090 $0.0160 $0.0090 $0.0090

    HTTPS $0.0100 $0.0120 $0.0120 $0.0120 $0.0220 $0.0125 $0.0120

    (10,000)

    SSLDistribution1$600 SNI

    All Data Transfer $0.020 $0.020 $0.060 $0.060 $0.125 $0.100 $0.160

    (GB)

    1,000$0.005

    CloudFront(GB)AWSAmazon CloudFront$0.000

    (GB)

  • CloudFront Price Class

    Price Class

    Price Class

  • Free Tier

    AWS 1 50GB/ 2/HTTPHTTPS

  • CloudFront CDN

  • Appendix

    Amazon CloudFront Developer Guide

    http://docs.aws.amazon.com/ja_jp/AmazonCloudFront/latest/DeveloperGuide/Introduction.html

    Amazon CloudFront FAQ

    http://aws.amazon.com/jp/cloudfront/faqs/

    Amazon CloudFront Pricing

    http://aws.amazon.com/jp/cloudfront/pricing/