- Benefits:

• Largest global network for rapid content delivery.

Amazon CloudFront is widely scalable and globally distributed. A CloudFront network has more than 225 points of presence (PoPs) interconnected through the AWS backbone to deliver ultra-low latency performance and high availability for end users. The AWS backbone is a private network based on a parallel, fully redundant 100GbE metropolitan global fiber optic network, connected by transoceanic cables to the Atlantic, Pacific, and Indian Oceans, as well as the Mediterranean, Red Sea, and South China Seas. Amazon CloudFront automatically allocates network conditions intelligently or user traffic to the highest-performing AWS edge location to deliver cached or dynamic content. The default CloudFront configuration is considered a multi-tiered cache architecture that offers improved cache length and native protection.

• Security at the edge.

Amazon CloudFront is a highly secure CDN that provides protection for networks and applications. All CloudFront deployments are protected by default against DDoS attacks on the transport network and the most common attacks against websites or applications with AWS Shield Standard. To defend against more complex attacks, you can add a flexible security perimeter layer by integrating CloudFront with AWS Shield Advanced and/or AWS Web Application Firewall (WAF). Firewall rules, curated and managed by Amazon security experts, to protect against common CVEs and the OWASP Top 10 security risks are provided as AWS-managed rules for AWS WAF. Finally, CloudFront has the most advanced compliance and security certifications, including PCI DSS, ISO/IEC, SOC 1/2/3, FedRAMP Moderate, HIPAA, and more.

• Highly programmable and secure edge computing.

With CloudFront Functions and Lambda@Edge Edge Computing, you can easily run code in AWS locations around the world, enabling you to personalize content and respond to end users with improved latency. For example, you can use CloudFront Functions to serve unique content based on visitor attributes, generate personalized responses, or perform A/B testing with your own custom code on AWS infrastructure. With Lambda@Edge, you can complement or completely replace your origin servers. Lambda@Edge can be used for server-side rendering of web pages, real-time streaming manifest file manipulation for ad insertion, or adding security tokens. CloudFront Functions and Lambda@Edge protect your data from attacks with built-in security isolation.

• Tight integration with AWS.

Amazon CloudFront integrates with AWS services such as Amazon S3, Amazon EC2, Elastic Load Balancing, Amazon Route 53, and AWS Elemental Media Services for easy setup. As a developer, you can use the AWS Management Console or familiar developer tools such as CloudFormation templates, the AWS Cloud Development Kit, and APIs. CloudFront integrates with Amazon Cloudwatch and provides real-time observability through metrics and logs.

• Economic.

Amazon CloudFront offers cost-effective content delivery worldwide. Integrated with AWS, there are no transfer fees for origin downloads from any AWS origin, and AWS Certificate Manager (ACM) offers custom TLS certificates at no additional cost. CloudFront offers customizable pricing options, including simple pay-as-you-go pricing with no upfront fees and the CloudFront Security Savings Bundle, which helps save an additional 30%. For even deeper discounts, custom pricing is available for minimum traffic commitments (typically 10 TB/month or more). CDN support is included in your existing AWS Support subscription.

– Use cases:

• Website delivery and security.

Amazon CloudFront can accelerate the delivery of websites—whether static objects (e.g., images, style sheets, JavaScript, etc.) or dynamic content (e.g., videos, audio, motion graphics, etc.)—to viewers around the world. By default, the CDN provides a multi-tiered cache that reduces latency and load on origin servers when the object is not yet in the edge cache. With fine-grained cache configuration controls, built-in features like gzip and brotli compression, access to geolocation headers, and edge computing capabilities, customers like Amazon.com and Reach plc deliver content to millions of viewers. Integration with AWS Shield and WAF protects your site from network and application layer attacks, while features like TLS 1.3 and field-level encryption provide improved security and performance.

• Dynamic content and API acceleration.

Accelerate and protect dynamic content with Amazon CloudFront. Clients like Tinder and Slack use Amazon CloudFront to secure and accelerate API calls and WebSocket connections. CloudFront supports proxy methods (POST, PUT, OPTIONS, DELETE, and PATCH). TLS connections to clients are terminated at a nearby point of presence, and CloudFront uses optimized network paths from the AWS backbone to reach sources securely by reusing the available connection. If you use an AWS origin, traffic to the origin will move through the dedicated AWS backbone. AWS Shield and WAF protect APIs at the CDN edge. Learn more about API acceleration with CloudFront.

• Live and on-demand video streaming.

CloudFront is designed to process live and on-demand video workloads. Benefit from AWS's globally scalable, high-performance network, private backbone connectivity to AWS sources, and integration with AWS and Elemental Media Services. Further optimize content delivery with intermediate caching tiers, Origin Shield architecture, and real-time monitoring. CloudFront supports multiple streaming formats, such as Microsoft Smooth, HLS, HDS, or MPEG-DASH, to any device. Additionally, integration with Elemental MediaStore provides low-latency streaming for various sports and gaming streaming use cases. Learn more about CloudFront's media and entertainment capabilities.

• Software distribution, game delivery, and IoT OTA.

Amazon CloudFront scales automatically as customers around the world download software updates. Software can be made available at the edge, close to end users, through the content delivery network. CloudFront's high data transfer rates accelerate the delivery of binaries, game patches, Internet of Things (IoT) updates, and OTA (over-the-air) updates to cost-effectively improve the customer experience at scale.