Amazon S3 and Amazon Cloudfront are different in their nature thus can’t replace one another. Amazon S3 is a cloud object storage suitable for hosting static websites and make the objects available for remote access. While Amazon Cloudfront is a content delivery network (CDN), designed to work with Amazon S3 origins to decrease latency and improve user experience by serving content faster and through the encrypted connection.
Despite the technical background, these two services are often confused. The article highlights the benefits of using Amazon Cloudfront in conjunction with Amazon S3 and helps you to decide whether or not you need to distribute the content through the network (and spend more money).
Amazon S3 and Amazon Cloudfront: Working Principles
The best way to think about Amazon S3 is as an unlimited hard drive located in the Internet. When configured for static website hosting, the storage makes hosted content available globally. But it doesn’t mean that website data is located close to the end user. So, to view a file hosted on Amazon S3 in US-East-1 N. Virginia region from London, user experiences a delay in contentdelivery due to high latency.
Amazon Cloudfront allows to distribute your website across the globe by caching (replicating) the data from Amazon S3 host and then deploy it for viewers using the nearest network server (i.e. edge location). If used in a previous example, the Cloudfront receives user’s request, consults the host server in N.Virginia and sends missing object cache to the nearest edge server in the UK. Next user, who has request the same object, receives the cached copy. This results into significant increase in loading speed of the page and separate objects like PDFs or images.
HTTP, HTTPS (SSL) in Amazon S3 and Amazon Cloudfront
One of the major differences of pure Amazon S3 hosting is utilizing only HTTP protocols. It actually might hurt your website security in a way objects are delivered through unencrypted connection. Although you still can restrict certain users or regions from accessing objects by editing Bucket Policies and Access Control List.
The workaround in this case is to use Cloudfront, because it fully supports SSL certificates and HTTPS access that can be configured by changing cache behavior. Three options are available at this point:
- Allow using both HTTP and HTTPS to choose which objects are only accessible via HTTPS
- Redirect HTTP requests to HTTPS
- Use only HTTPS to access hosted objects
Amazon Cloudfront: HTTP Live Streaming or RTMP Connection
As mentioned above, user suffers from an increased latency when tries to access the requested content through Amazon S3 from different region. This makes it impossible to stream live video and audio podcasts, which require real time operations with the data.
Cloudfront has two options to provide quality live streaming:
- Cloudfront Live Streaming (HTTP)
- Adobe Flash Media Server protocol (RTMP)
Both can be used separately or in conjunction, but you need to create a new distribution for each protocol.
Note: If you need to use simple HTTP streaming, choose Web Distribution type. Otherwise when you need to leverage streaming through RTMP protocol, use the RTMP Distribution.
Using Alternate Domains
As a rule of thumb, Amazon S3 uses only one CNAME for alternative domains thus it’s not suitable for using subdomains for different sections of the website.
By the time I wrote this article, Amazon Cloudfront limits the number of alternate domains to 100 making it the best use for websites with architecture that heavily rely on subdomains.
Amazon S3 and Amazon Cloudfront Pricing
Both solutions are stick to pay-for-what-you-use pricing formula like any other by Amazon Web Services. In case of Amazon S3 hosting, the major item of expenditure is storage based on the current tier you are utilizing. Next thing to consider are Put, Copy, Post, List, Get and other requests that are also billable. For more details on Amazon S3 pricing consult the original documentation.
Amazon Cloudfront charges webmasters for each GB delivered to the end user and it also depends on the amount of data you deliver per region. Receiving HTTP requests is cheaper than HTTPS requests, so think it through before determining protocols. Object invalidation is free up to 1,000 attempts and then result into additional fee. Custom SSL certificate will cost $600 for each domain and dedicated IP also comes for additional payment. AWS also use so-called price classes, which describe desired availability of content in specific edge locations.
For example, if your budget can’t be stretched to allow multiple downloads from Asia-Pacific region edge, you can allow to use Sydney or North America edge to minimize costs. Look at Cloudfront pricing page for more information.
To summarize the article we’ve prepared a few use cases that help you to better understand when you can benefit from Amazon Cloudfront content delivery and the same for using pure Amazon S3 hosting.
- Localized audience (i.e state, county, city)
- Objects don’t need a secure connection
- Frequently changed objects
- High latency on loading service, app or web page
- Objects need to be protected via SSL
- Objects that change with mid-frequency