CloudFront is AWS’s content delivery network, which helps you deliver content to end users faster. It does this by distributing your data across its global network of edge locations, so the data is closer to the end users and has less distance to travel. With every edge location added, the load on your servers lessens and CloudFront delivers content faster and closer to your customers.
You can also use AWS CloudFront to increase the security of your web applications if you integrate it with AWS Certificate Manager and/or AWS Web Application Firewall (WAF).
One Nordcloud customer with over 200 different web applications recently implemented a solution together with Nordcloud which utilized CloudFront for content delivery and security.
- Implementing TLS certificates for as many web applications as possible
- Being able to write custom firewall rules based on attack patterns
After evaluation of their current infrastructure, Nordcloud found that about 10-15 of the web applications were no longer in use and could be shut down. Another 10 were already on a migration path to a new infrastructure where CloudFront could be used, while the majority of the websites were ready to be put behind CloudFront and WAF.
The implementation was then done in three steps:
- Activate a CloudFront Web Distribution for each web application
- Associate TLS certificates with the CloudFront distributions
- Set up AWS WAF with web access control lists, rules and conditions.
The implementation was done using AWS CloudFormation templates and Lambda functions. Using templates together with functions made it simpler to automate the tasks needed for the implementation of this solution. It also simplified the delivery noticeably, since no manual steps had to be documented.
When we were finished with the implementation of CloudFront for their infrastructure, the results could be seen instantly, as most sites were now served over HTTPS. Later on, we could also see the results of the WAF when the customer was hit by a DDoS attack originating from a certain country. When enough data had been collected from the attack, the country of attack origin was blocked using AWS predefined rules.
A bonus positive outcome from using CloudFront was that the data costs and site load times were quite a bit lower after CloudFront cached the website objects and served them closer to the customer.
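The three implementation steps and the country block described above can be expressed in a single CloudFormation template per web application. The following is an added example, not the template Nordcloud or the customer used. It assumes the current AWS WAF (WAFv2) resource type, an existing ACM certificate in us-east-1, and an origin that accepts HTTPS; all parameter and resource names are hypothetical.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Constructed example - one web application behind CloudFront with TLS and a WAF geo block
Parameters:
  DomainName: {Type: String}        # hypothetical public hostname of the application
  OriginDomainName: {Type: String}  # hypothetical existing origin server (assumed to serve HTTPS)
  CertificateArn: {Type: String}    # ACM certificate; CloudFront requires it to be in us-east-1
  BlockedCountry: {Type: String}    # ISO 3166-1 alpha-2 code of the country to block
Resources:
  WebAcl:
    Type: AWS::WAFv2::WebACL        # CLOUDFRONT scope: the stack must be deployed in us-east-1
    Properties:
      Scope: CLOUDFRONT
      DefaultAction: {Allow: {}}    # allow by default, block only what the rules match
      VisibilityConfig:
        SampledRequestsEnabled: true   # keep request samples to study attack patterns
        CloudWatchMetricsEnabled: true
        MetricName: web-acl
      Rules:
        - Name: block-country
          Priority: 0
          Action: {Block: {}}
          Statement:
            GeoMatchStatement:
              CountryCodes:
                - !Ref BlockedCountry
          VisibilityConfig:
            SampledRequestsEnabled: true
            CloudWatchMetricsEnabled: true
            MetricName: block-country
  Distribution:
    Type: AWS::CloudFront::Distribution
    Properties:
      DistributionConfig:
        Enabled: true
        Aliases: [!Ref DomainName]
        WebACLId: !GetAtt WebAcl.Arn   # WAFv2 web ACLs are attached by ARN
        ViewerCertificate:
          AcmCertificateArn: !Ref CertificateArn
          SslSupportMethod: sni-only
          MinimumProtocolVersion: TLSv1.2_2021
        Origins:
          - Id: app-origin
            DomainName: !Ref OriginDomainName
            CustomOriginConfig:
              OriginProtocolPolicy: https-only   # assumption: drop if the origin only speaks HTTP
        DefaultCacheBehavior:
          TargetOriginId: app-origin
          ViewerProtocolPolicy: redirect-to-https   # plain-HTTP visitors are redirected to HTTPS
          CachePolicyId: 658327ea-f89d-4fab-a63d-7e88639e58f6  # AWS managed CachingOptimized policy
```

Deploying one stack per application from the same template keeps the TLS policy and WAF rules identical across all sites, and the origin should additionally be restricted so that it cannot be reached around CloudFront.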