When you create a CloudFront distribution, you can configure different options for HTTPS. One option is to redirect HTTP to HTTPS. This allows users to connect to the content with HTTP, but the traffic is then redirected to secure HTTPS. You can also set the distribution to HTTPS only, in which case HTTP requests are not permitted.
You can also require HTTPS for communication between CloudFront and a custom origin. If you have already configured the HTTPS only option on the distribution, you can choose the Match Viewer origin protocol policy to enforce HTTPS between CloudFront and your custom origin as well. Alternatively, you can set the origin protocol policy to HTTPS only.
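The two settings interact, so a review has to look at each cache behavior together with the origin it targets. The following added example (not from the book and not AWS code) audits a configuration in the DistributionConfig shape of the CloudFront API and reports every leg that can still carry plain HTTP. The function name and the sample configuration are assumptions constructed for illustration; the policy strings are the API values behind the console options described above.

```python
def audit_https(config):
    """Return (path_pattern, leg, reason) for every leg that can carry HTTP."""
    origins = {o["Id"]: o for o in config["Origins"].get("Items", [])}
    behaviors = [("default", config["DefaultCacheBehavior"])]
    for b in config.get("CacheBehaviors", {}).get("Items", []):
        behaviors.append((b["PathPattern"], b))

    findings = []
    for pattern, b in behaviors:
        viewer = b["ViewerProtocolPolicy"]
        if viewer == "allow-all":
            findings.append((pattern, "viewer", "HTTP accepted without redirect"))
        custom = origins.get(b["TargetOriginId"], {}).get("CustomOriginConfig")
        if custom is None:
            continue  # S3 or unknown origin: no origin protocol policy to check
        policy = custom["OriginProtocolPolicy"]
        if policy == "http-only":
            findings.append((pattern, "origin", "origin always fetched over HTTP"))
        elif policy == "match-viewer" and viewer == "allow-all":
            findings.append((pattern, "origin", "match-viewer follows HTTP viewers"))
    return findings


# Constructed sample in the DistributionConfig shape (ids and paths are made up).
SAMPLE_CONFIG = {
    "Origins": {"Items": [
        {"Id": "app-origin",
         "CustomOriginConfig": {"OriginProtocolPolicy": "match-viewer"}},
        {"Id": "legacy-origin",
         "CustomOriginConfig": {"OriginProtocolPolicy": "http-only"}},
        {"Id": "assets-bucket", "S3OriginConfig": {"OriginAccessIdentity": ""}},
    ]},
    "DefaultCacheBehavior": {"TargetOriginId": "app-origin",
                             "ViewerProtocolPolicy": "https-only"},
    "CacheBehaviors": {"Items": [
        {"PathPattern": "/api/*", "TargetOriginId": "app-origin",
         "ViewerProtocolPolicy": "allow-all"},
        {"PathPattern": "/legacy/*", "TargetOriginId": "legacy-origin",
         "ViewerProtocolPolicy": "redirect-to-https"},
        {"PathPattern": "/img/*", "TargetOriginId": "assets-bucket",
         "ViewerProtocolPolicy": "redirect-to-https"},
    ]},
}

if __name__ == "__main__":
    for pattern, leg, reason in audit_https(SAMPLE_CONFIG):
        print(f"{pattern:10} {leg:7} {reason}")
```

The same origin (app-origin) is clean under the default behavior and flagged under /api/*, which is why Match Viewer only enforces HTTPS to the origin when the viewer side already does.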
When the CloudFront distribution creation is complete, a domain name is automatically generated (see Figure 12.15). You can open this link in a browser directly, or you can configure a Route 53 alias record to point to it.
FIGURE 12.15 CloudFront domain name
Waiting for the TTL is one way to expire undesired content from the cache at the edge locations, but you can speed up this process by using an invalidation. Invalidations can be expensive and are resource intensive.
Answer these questions. The answers follow the last question. If you cannot answer these questions correctly, consider reading this section again until you can.
1. Your website has a mix of static and dynamic content. A CloudFront distribution is being used to speed up the delivery of static assets such as images and videos. All static content is reachable through a subdomain called static.sample.com. Which Route 53 option should be used to configure this?
A. Create a CNAME record for sample.com that points to an alias record for the CloudFront distribution domain name.
B. Create a CNAME record for static.sample.com that points to an alias record for the CloudFront distribution domain name.
C. Create an A record for sample.com that points to an alias record for the CloudFront distribution domain name.
D. Create an A record for static.sample.com that points to an alias record for the CloudFront distribution domain name.
2. You have just decreased the TTL on a CloudFront distribution. Which of the following results may occur? (Choose two.)
A. Outdated content may persist for longer.
B. The cache hit ratio of the CloudFront distribution may drop.
C. CloudFront needs to retrieve less content from the origin.
D. Outdated content is purged from the cache more quickly.
1. Answer: D is correct. Use Route 53 to create an alias record that points to the domain name of the CloudFront distribution. An alias record is similar to a CNAME record but can be created for subdomains or the zone apex. Route 53 responds to matching DNS queries with the domain name that is associated with your distribution.
2. Answer: B and D are correct. Because the TTL is lower, the CloudFront distribution checks for outdated content more frequently. This results in more cache misses but also purges outdated content from the cache more quickly.