AWS CloudFront CDN Setup

Our company is engaged in the development, support and maintenance of sites of any complexity. From simple one-page sites to large-scale cluster systems built on micro services. Experience of developers is confirmed by certificates from vendors.
8+Years of work900+Completed projects100+In house employees19+Partners
Development and maintenance of all types of websites:
Informational websites or web applications
Business card websites, landing pages, corporate websites, online catalogs, quizzes, promo websites, blogs, news resources, informational portals, forums, aggregators
E-commerce websites or web applications
Online stores, B2B portals, marketplaces, online exchanges, cashback websites, exchanges, dropshipping platforms, product parsers
Business process management web applications
CRM systems, ERP systems, corporate portals, production management systems, information parsers
Electronic service websites or web applications
Classified ads platforms, online schools, online cinemas, website builders, portals for electronic services, video hosting platforms, thematic portals

These are just some of the technical types of websites we work with, and each of them can have its own specific features and functionality, as well as be customized to meet the specific needs and goals of the client.

Offered services
Showing 1 of 1 servicesAll 2065 services
AWS CloudFront CDN Setup
Medium
from 1 business day to 3 business days
FAQ
Our competencies:
Development stages
Latest works
  • image_website-b2b-advance_0.png
    B2B ADVANCE company website development
    1212
  • image_web-applications_feedme_466_0.webp
    Development of a web application for FEEDME
    1161
  • image_websites_belfingroup_462_0.webp
    Website development for BELFINGROUP
    852
  • image_ecommerce_furnoro_435_0.webp
    Development of an online store for the company FURNORO
    1041
  • image_crm_enviok_479_0.webp
    Development of a web application for Enviok
    822
  • image_bitrix-bitrix-24-1c_fixper_448_0.png
    Website development for FIXPER company
    815
Show more works

Setting up AWS CloudFront CDN

CloudFront is AWS's CDN with 450+ PoPs, tightly integrated (S3, EC2, ALB, API Gateway). Use when already on AWS or need fine control over caching and routing.

Create Distribution via Terraform

resource "aws_cloudfront_distribution" "main" {
    enabled             = true
    is_ipv6_enabled     = true
    default_root_object = "index.html"
    price_class         = "PriceClass_200"

    origin {
        domain_name = aws_lb.main.dns_name
        origin_id   = "alb-origin"
        custom_origin_config {
            http_port              = 80
            https_port             = 443
            origin_protocol_policy = "https-only"
            origin_ssl_protocols   = ["TLSv1.2"]
        }
    }

    ordered_cache_behavior {
        path_pattern           = "/assets/*"
        target_origin_id       = "s3-assets"
        viewer_protocol_policy = "redirect-to-https"
        allowed_methods        = ["GET", "HEAD"]
        cached_methods         = ["GET", "HEAD"]
        compress               = true
        cache_policy_id        = aws_cloudfront_cache_policy.assets.id
    }

    default_cache_behavior {
        target_origin_id       = "alb-origin"
        viewer_protocol_policy = "redirect-to-https"
        allowed_methods        = ["GET", "HEAD"]
        compress               = true
        cache_policy_id        = aws_cloudfront_cache_policy.pages.id
    }

    viewer_certificate {
        acm_certificate_arn = aws_acm_certificate.main.arn
        ssl_support_method  = "sni-only"
    }
}

resource "aws_cloudfront_cache_policy" "assets" {
    name    = "assets-immutable"
    min_ttl = 31536000
    max_ttl = 31536000
    default_ttl = 31536000
    parameters_in_cache_key_and_forwarded_to_origin {
        cookies_config { cookie_behavior = "none" }
        headers_config  { header_behavior = "none" }
        query_strings_config { query_string_behavior = "none" }
        enable_accept_encoding_brotli = true
        enable_accept_encoding_gzip   = true
    }
}

CloudFront Functions for edge logic

// Add security headers on every request
function handler(event) {
    var response = event.response;
    var headers = response.headers;

    headers['strict-transport-security'] = {
        value: 'max-age=63072000; includeSubDomains; preload'
    };
    headers['x-content-type-options'] = { value: 'nosniff' };
    headers['x-frame-options'] = { value: 'SAMEORIGIN' };

    return response;
}

Cache invalidation on deploy

aws cloudfront create-invalidation \
    --distribution-id $DISTRIBUTION_ID \
    --paths "/*"

// Laravel: invalidate on article publish
use Aws\CloudFront\CloudFrontClient;

class ArticlePublished {
    public function handle(Article $article): void {
        $client = new CloudFrontClient(['version' => 'latest']);
        $client->createInvalidation([
            'DistributionId' => config('services.cloudfront.distribution_id'),
            'InvalidationBatch' => [
                'Paths' => ['Quantity' => 1, 'Items' => ["/blog/{$article->slug}"]],
                'CallerReference' => (string) now()->timestamp,
            ],
        ]);
    }
}

Origin Shield

Additional cache layer between edge and origin. Reduces origin load 10-50x:

origin {
    origin_shield {
        enabled              = true
        origin_shield_region = "eu-central-1"
    }
}

Setup time: 1-2 days with Terraform, including ACM certificate.