Global Accelerator Architecture The Anycast IP addresses are injected into the Internet’s BGP tables to advertise each public interface into the AWS network. The same IP address is advertised for each edge location to allow traffic to enter the network at its closest entry point from the user by using BGP reachability metrics. This reduces […]

Sticky Connections Sticky connections bind a user’s connections though the ELB to a specific target for the duration of the connection. All connections from the user for the session will always be directed to the same backend target. Some applications maintain state information at the server level such as checkout carts or other session tracking […]

Global Accelerator When accessing AWS resources over the Internet, traffic is routed from your local connection over the Internet to the region requested over many hops and, often, across many different Internet providers and backbone carriers. This can cause additional latency and suboptimal performance. The AWS Global Accelerator service can greatly improve network performance by […]

Load Balancer Architectures ELB architectures include Internet-facing or internal configurations. When assigned a public IP address and configured to be reachable from the Internet, an AWS Elastic Load Balancer instance can service public connections by acting as a front end to the backend services that can be inaccessible to the public and be in a […]

Billing Billing is for the actual usage of CloudFront and does not require minimum charges or any time commitments. Billing is based on the amount of data you transmit out from the edge locations to the Internet and is charged by the gigabyte. Charges from the CloudFront services to the origins, either AWS or in […]

CloudFront Security CloudFront supports multiple security options. Front-end Internet-based denial-of-service protection is included at no cost when deploying a CloudFront distribution. AWS uses its Shield service in front of all edge locations. Shield will protect the edge from distributed denial-of-service (DDoS) attacks. Shield includes automatic inline attack mitigation support to protect your site from common […]

CloudFront Encryption Using SSL/TLS and SNI Encrypting data in transit over the Internet is the recommended transport method for web traffic. This relies on the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) services. SSL has been deprecated and replaced by TLS even though the SSL name lives on and is widely used in the industry […]

CloudFront Implementation When creating a CloudFront implementation, sites are registered with CloudFront using configuration objects called distributions. Origins and all other configuration items are stored in the distributions. The CloudFront distributions will be assigned a DNS name by AWS that uses the cloudfront.net domain. We can then map our own domain name to the distribution […]

Invalidations Cache invalidations are configured for all edge locations at the distribution level. A cache invalidation will expire all objects in the edge cache even if there are TTL values that have not expired. It is a forced deletion of the object from cache. Invalidation can define a specific file or be expanded using wildcards. […]

THE AWS CERTIFIED ADVANCED NETWORKING – SPECIALTY EXAM OBJECTIVES COVERED IN THIS CHAPTER MAY INCLUDE, BUT ARE NOT LIMITED TO, THE FOLLOWING: Objective 1.1: Design a solution that incorporates edge network services to optimize user performance and traffic management for global architectures. Content Distribution Networking In this chapter, we will cover edge networking, APIs, and […]