Amazon CloudFront is a new content delivery service from Amazon Web Services that helps you improve the performance, reliability, and availability of your web sites and applications.

You can get started very quickly with Amazon CloudFront – basically there are 5 steps to follow.

1. Sign up for Amazon CloudFront at http://aws.amazon.com/cloudfront; just click the ‘Sign up for Amazon CloudFront’ button and enter in the requested information.
   
   
2. Download a tool to help you manage Amazon CloudFront from our resource center. This guide uses the Firefox Organizer for Amazon S3 and Amazon CloudFront (S3Fox) as an example, however, many other tools are available. Once you’ve downloaded and installed the tool, you’ll need to enter your AWS Account credentials into the tool so you it can access your account.
3. Create an Amazon Simple Storage Service (Amazon S3) bucket and upload your content. The original versions of your content will be stored in an Amazon S3 bucket. Using S3Fox, create a new Amazon S3 bucket (S3Fox calls this a directory), give it a globally unique name and upload your files. Make sure to make your content publicly readable by editing the ACLs for your files; this is done from the context-menu.
   
   
4. Create an Amazon CloudFront distribution by right-clicking on your directory and choosing ‘Manage Distributions.’ This will enable your content for delivery through Amazon CloudFront.
   
   
5. Use the Amazon CloudFront domain name to reference content in your web pages or applications.
   
   

This rest of this guide will take you through these steps in more detail based on what you want to know about the Amazon CloudFront service. This guide is organized into three sections:

1. What is Amazon CloudFront and why do I need it?
2. I’m ready to use Amazon CloudFront, but I’m new to Amazon Web Services
3. I’m already using Amazon S3, how do I add Amazon CloudFront?

What is Amazon CloudFront and why do I need it?

Amazon CloudFront works by distributing your web content (i.e. images, video, etc) using a network of edge locations around the world. Your content is then served from the edge location that is geographically closest to the user who requests it.

This concept is best illustrated by example.

Consider this simple URL that is being served from a traditional web server, not from Amazon CloudFront:

http://static.learnaws.com/media_rdc_share_web-poster.jpg

We can easily navigate to this URL and see the image that it represents; however, what is transparent to us is that our request for this image was actually routed through a number of individual networks. Fundamentally, the Internet is comprised of a complex collection of individual, but interconnected networks. A request for data like our image is routed from one network to another until the data is found.

Let’s suppose that we make a request to this URL from Seattle, WA, USA. The illustration below (courtesy of www.mapulator.com) shows how this request is routed.

As we can see, our request was routed 10 times before our single image was retrieved. This is not an unusually high number of requests, but it does illustrate how much work is needed to retrieve even a single image.

Continuing our example, consider the case when a request is made from Europe. The illustration below shows how this request is routed.

Because the request is still being served from a traditional web server in a single location, the request must travel over even more networks. The number of networks and the distance it must travel has a great deal of impact on our performance, reliability and availability.

This is where Amazon CloudFront can help. By simply using Amazon CloudFront to distribute our data, we can dramatically decrease the routing needed. Below is an illustration of a request for the same object - only this time, we are using Amazon CloudFront. When we request http://d123456.cloudfront.net/media_rdc_share_web-poster.jpg, again from Europe, we see the same object, but our request takes a very different path:

Notice that the number of networks that our request uses is dramatically reduced. This is because Amazon CloudFront will detect where a request is being made, and service that request from a nearby edge location. This improves performance: end users get lower latency (the time it takes to load the first byte of the object), and higher data transfer rates. We also get better reliability and availability because there is no longer a central point of failure – copies of our object are now held in edge locations around the world.

Our example was quite extreme - we made requests from Europe to data that was stored originally in the United States - however, Amazon CloudFront works at more granular levels as well.

I’m ready to use Amazon CloudFront, but I’m new to Amazon Web Services

It’s easy to get started using Amazon CloudFront, even if you are completely new to Amazon Web Services. Simply follow the steps below:

1. Sign up for Amazon CloudFront at http://aws.amazon.cloudfront.com
2. Download a tool to help you manage Amazon CloudFront from the Amazon Web Services  Resource Center
3. Create an Amazon Simple Storage Service (Amazon S3) bucket and upload your content

Let’s examine each step in detail.

1. Sign up for Amazon CloudFront at http://aws.amazon.cloudfront.com

If you have never used Amazon Web Services, your first step is to visit http://aws.amazon.com and create an Amazon Web Services account.

Signing up for Amazon Web Services is a 2-step process. First, you create your account, and then you elect into the services that you want to use. To use Amazon CloudFront, you will need to elect into Amazon Simple Storage Service (Amazon S3) and Amazon CloudFront.

Amazon S3 and Amazon CloudFront are both available from the Products menu as shown below.

The first service that you elect into will prompt you for a credit card; no charges will be made until you actually use a service.

2. Download a tool to help you manage Amazon CloudFront from the Amazon Web Services  Resource Center

Once you have elected into both services, your next step is to download a tool that will help you manage your content in Amazon S3 and Amazon CloudFront. There are a number of tools you can use to help you work with Amazon S3 and Amazon CloudFront and the list is constantly growing. Here’s a sample of some of the tools that are available:

• s3sync - a free command-line tool written in Ruby that helps you synchronize your local files with Amazon S3.
• s3cmd - an open-source command-line utility that helps you upload content into Amazon S3
• S3 Organizer - a popular Firefox plug-in that offers a FTP-like interface for Amazon S3
• Forklift - a Mac OS X client for Amazon S3
• BucketExplorer - a commercial Amazon S3 graphical client

As an example, we will use the S3 Organizer tool for this guide.

3. Create an Amazon Simple Storage Service (Amazon S3) bucket and upload your content

No matter which tool you choose, your first step towards migrating to Amazon S3 is to create a “bucket”.

Details can be found in the documentation , but Amazon S3 works on the principle of buckets and objects - these roughly correlate to folders and files in a file system. Amazon S3 mandates a very simple structure - buckets can only contain objects, there is no nesting of buckets.

Notice that S3 Organizer uses the metaphor of directories and files in place of buckets and objects. This is commonly found in many Amazon S3-related tools.

Amazon S3 does require that bucket names be globally unique, just like a domain name: no two buckets can have the same name, even if they’re owned by different customers. For this example, we’ve generated our bucket name using a globally unique identifier (GUID, but you can choose any name you wish so long as it’s not already in use by another bucket.

If you have used Amazon S3 before, you will know that you refer to your bucket through a URL that Amazon generates for you. That URL is based on the name of your bucket. In our example that URL is: http:// 4e3202e4-aa16-4448-89cf-52ca39583bcd .s3.amazonaws.com/.

Once our bucket has been created, our next step is to simply upload our contents.

By default, all objects in your bucket are private; however, to use Amazon CloudFront, objects need to be publicly readable. As a result, you must explicitly enable public ‘read’ privileges for each object you upload to Amazon S3. This is one of the most common mistakes when working with Amazon CloudFront and Amazon S3.

Privileges can be set at both the bucket and object level. However, objects do not inherit their bucket’s privileges. For example, a bucket might have ‘public read’ privileges, but any objects that are either already in this bucket or get added to this bucket will not be publicly readable. You must explicitly grant privileges to each object in Amazon S3.

Most of Amazon S3 tools will have a feature to cascade privileges, but this is only for convenience. The tool is in fact making an individual request to grant privileges for each object.

Once your privileges have been set, we can navigate to this item by its URL; in our case, that URL is http://4e3202e4-aa16-4448-89cf-52ca39583bcd.s3.amazonaws.com/media_rdc_share_web-poster.jpg .

At this point, we have verified that our content is publicly accessible we can take the next step and enable Amazon CloudFront.  

The next section of this guide will show you how to create an Amazon CloudFront distribution and start using the service to deliver your objects.

I’m already using Amazon S3, how do I use Amazon CloudFront too?

Once your content is in Amazon S3, there are only two steps to start delivering your content using Amazon CloudFront:

1. Create an Amazon CloudFront distribution
2. Use the Amazon CloudFront domain name to reference content in your web pages or applications

Again, let’s examine each step in detail.

1. Create an Amazon CloudFront distribution

Enabling Amazon CloudFront is very straightforward with S3 Organizer; simply right-click on your Amazon S3 bucket and choose Manage Distributions.

In the resulting dialog, press Create Distribution to enable Amazon CloudFront for this bucket.

It will take a few minutes to create our distribution; we can monitor the progress in the status field.

When status becomes deployed, our distribution is ready and we are using Amazon CloudFront. As you can see above, our distribution gives us a new host name; we can now access our content at: http://d2oxqriwljg696.cloudfront.net/media_rdc_share_web-poster.jpg.

Obviously this is a cumbersome URL to work with; you might want to replace this with learn how to create a friendlier alias. The standard way to do this is by creating an alias that maps a friendly name to our actual name - this alias is called a CNAME or canonical name.

A CNAME is simply a way to create an alias or a nickname for a DNS record. In our case, we are going to create an alias for our cumbersome d2oxqriwljg696.cloudfront.net host name.

For this example, we will create demo.learnaws.com as a CNAME that points to d2oxqriwljg696.cloudfront.net.

This is an optional step, if you are comfortable using d2oxqriwljg696.cloudfront.net in your web page or application there is no need to create a CNAME.

The first thing to do is to let Amazon CloudFront know that you plan to create the CNAME. To do this in S3 Organizer, you’ll add the CNAME to the Manage Distribution dialog. Click the Update Distribution  

Next, you need to create a DNS entry for your CNAME. CNAMEs are managed by whoever manages your DNS entries. This is usually your web hosting provider. There is no standard interface for managing DNS entries, so an example from Dreamhost.com is shown below.

Usually, a web hosting provider will discuss how to alter your DNS entries in their support documentation. For our example, we will continue to use Dreamhost.com and create a CNAME for our new Amazon S3 bucket.

The alias, or CNAME that we will use is demo and we simply specify d2oxqriwljg696.cloudfront.net as the value.

It is common to also create a www.demo CNAME entry that maps to the d2oxqriwljg696.cloudfront.net as well. Incidentally, if you have a CNAME for an Amazon S3 bucket, you can simply change its value to your new Amazon CloudFront host.

New DNS entries usually take a few minutes to propagate. When it does, we can access our content at http://demo.learnaws.com. This is the base URL that we can use to access our content in Amazon CloudFront.

Now we have a friendly URL that will serve its content from a data center that is as close as possible to the user requesting it.

2. Use the Amazon CloudFront domain name to reference content in your web pages or applications

Once your content has been uploaded and your distribution has been setup, you can reference your content with your new Amazon CloudFront-based URL.

Your content can be served from any of the following edge locations– depending on where the request is being made:

While one or several of these edge locations may serve your requests, your ‘origin’ server will always be the Amazon S3 bucket where you originally uploaded your data.

Your content will be copied to each edge server as it is requested. The first request will be processed by the origin server; then that content will be propagated to the appropriate edge server. The next time this content is requested, it will be handled by the edge server.

When you update your content, those updates are made at the Amazon S3 bucket (i.e. the origin server). Amazon CloudFront will then propagate those changes to the edge servers that have your content – this process can take up to 24 hours, but is usually completed within a few minutes.