AWS Black Belt Tech Series 2016 - Amazon CloudFront


Transcript

  • Amazon CloudFront

    AWS Black Belt Tech Webinar 2016

    2016/1/27

  • AWS Black Belt Tech Webinar 2016

    AWSJTechAWS

    Web

    1819

    http://aws.amazon.com/jp/event_schedule/

    Twitter

    #awsblackbelt

    2


  • Agenda

    1. Contents Delivery Network

    2.

    3.

    4.

    5. &

    6. Pricing

    7.

    3

  • Contents Delivery Network

  • Contents Delivery Network

    Amazon CloudFront

    CDN

    5

  • Contents Delivery Network

    Amazon CloudFront

    Internet

    DB

    CloudFront DNS

    Edge Location

    IP(xxx.cloudfront.net)

    Edge

    Edge

    DNS

    EDNS-Client-Subnet

    6

  • 54 Edge Locations (2016/1)

    Europe: Amsterdam, Netherlands (2); Dublin, Ireland; Frankfurt, Germany (3); London, England (3); Madrid, Spain; Marseille, France; Milan, Italy; Paris, France (2); Stockholm, Sweden; Warsaw, Poland

    Asia: Chennai, India; Hong Kong, China (2); Mumbai, India; Manila, Philippines; Osaka, Japan; Seoul, Korea (2); Singapore (2); Taipei, Taiwan; Tokyo, Japan (2)

    South America: Sao Paulo, Brazil; Rio de Janeiro, Brazil

    North America: Atlanta, GA; Ashburn, VA (3); Chicago, IL; Dallas, TX (2); Hayward, CA; Jacksonville, FL; Los Angeles, CA (2); Miami, FL; New York, NY (3); Newark, NJ; Palo Alto, CA; San Jose, CA; Seattle, WA; South Bend, IN; St. Louis, MO

    Australia: Melbourne, Australia; Sydney, Australia

    http://aws.amazon.com/jp/cloudfront/details/

    7

  • Amazon CloudFront

    (54) 2016/1

    ()

    ()

    ()

    (GUI15)

    8

  • CDN

    CloudFront Edge

    Edge Capacity

    CDN

    9

  • CDN

    CloudFront Edge

    Edge Capacity

    CloudFront Edge

    Edge Capacity

    10

  • CDN

    CloudFront Edge

    Edge Capacity

    CDN

    DNS(Route53)

    11

  • CloudFront Distribution

    Distribution CloudFront

    AWS Management Console / API

    Web / RTMP Distribution

    Distribution: 10Gbps, 15,000RPS

    xxxx.cloudfront.net Distribution CNAME

    CNAME (e.g. *.example.com)

    Route53 Zone Apex (e.g. example.com)

    13

  • CloudFront Edge

    PROXY

    CACHE

    Web Distribution

    /HTTP

    HTTP / HTTPS GET, HEAD, OPTION() (Cache)

    PUT, POST, DELETE, OPTION, PATCH (Proxy)

    Internet

    Range GET

    GET, HEAD, (OPTION)

    PUT, POST, DELETE, OPTION, PATCH PUT, POST, DELETE, OPTION, PATCH

    GET, HEAD, (OPTION)

    14

  • Gzip

    CloudFrontGzipAccept-Encoding:gzipGzipCloudFrontGzip

    Amazon S3Gzip

    CloudFront Edge

    Gzip

    Accept-Encoding:gzip

    Gzip

    S3

    15

  • CDN

    GET / HEAD / OPTION()

    20GB

    URL

    (Web) Header / Cookie /Query Strings

    URL

    16

  • Object Caching

    HTTP

    BehaviorURL

    TTL(24)

    TTLCloudFront

    TTLCloudFront

    CloudFront Minimum TTL

    TTL = 0 TTL >0

    HT

    TP

    Cache-Control max-age

    max-ageTTL

    TTL

  • ()

    CloudFront Minimum TTL

    TTL = 0 TTL >0

    HT

    TP Cache-Control max-age

    s-maxages-max-ageTTL

    TTL

  • Invalidation()

    3,000

    15

    AWS Management ConsoleAPI

    Invalidation10-15

    AWS SDK / CLI / API

    19

  • Header, Cookie, Query Strings

    URL(Behavior)

    Whitelist

    20

  • Header

    Header

    CloudFront

    CloudFront

    Type Header

    CloudFront-Forwarded-Proto: HTTP / HTTPS

    CloudFront-Is-Mobile-Viewer, CloudFront-Is-Tablet-Viewer, CloudFront-Is-Desktop-Viewer

    User-Agent True/False

    CloudFront-Viewer-Country IP (ISO-3166-1 alpha-2)

    21

  • Cookie Cookie

    CloudFrontCookie

    CookieCookie

    Cookie

    22

  • Behaviors

    Behaviors Path Pattern 0 1) /*.jpg, /image/*, /image/a*.jpg, /a??.jpg

    img/*

    api/item*

    *

    Behavior Cache TTL()http://www.aws.com/

    img/item01.jpg

    api/item?id=10

    index.jsp

    TTL

    30 Days

    TTL

    10 min

    S3

    Default TTL

    0 Sec

    23

  • CloudFront

    S3

    400,403,404,405,414,500,501,502,503,504

    5(300)

    CloudFront

    24

  • Amazon S3Web4XXXX

    S3(4XX)

    5XX(4XX)

    4XX

    CloudFront

    S3

    Custom Error Page

    Custom Error Page

    Custom Error Page

    4XXCloudFront

    XXCloudFront

    25

  • HTTPS ( / HTTPS

    SSL( / / SNI / Certificate Manager)

    GEO (Whitelist / Blacklist)

    URL/Cookie ()

    Amazon WAF

    27

  • SSL

    cloudfront.netSSL

    SSL

    X.509 PEM2048bit

    CloudFrontSSL

    Domain Validated, Extended Validation, Wildcard, Subject Alternative Name

    AWS Certificate Manager

    SNI(Server Name Indication)SSL

    CloudFrontSSLSSL

    SNI

    Windows XPIE, Android 2.2, 1.7Java

    28

  • SSL

    (2)

    1-1. IAM CLI

    1-2. AWS Certificate Manager Management Console FQDN

    2. CloudFrontDistribution

    3. CNAME

    4. SNI

    5. CNAMEDistributionDomainDNS

    29

  • CloudFront SSL

    TLSv1, TLSv1.1, TLSv1.2, SSLv3

    HTTPHTTPS

    CloudFront Edge

    HTTP/HTTPS

    S3

    HTTPS

    30

  • HTTP

    Shared-Secret

    CloudFrontCloudFront

    Cross-Origin Resource Sharing (CORS)

    31

  • GEO

    BlacklistWhitelist

    Distribution

    403

    CloudFront Edge

    GEO Restriction

    403

    32

  • URL/Cookie

    URL/Cookie Restricted Viewer Access

    Behavior

    URLCookie

    (Canned Policy)

    (Custom Policy)

    IP

    33

  • URL/Cookie

    URL/Cookie

    URLCookie

    URL/Cookie

    URL/Cookie

    URL/Cookie

    CloudFrontPrivate Key

    CloudFront Edge

    403

    34

  • URL

    URL WebRTMP

    Web

    TCP

    RTMP

    403

    URL

    Query Strings

    Canned Policy: http://xxxx.cloudfront.net/file.jpg?Expires=XXX&Signature=XXX&Key-Pair-Id=XXX

    Custom Policy: http://xxxx.cloudfront.net/file.jpg?Policy=XXX&Signature=XXX&Key-Pair-Id=XXX

    CloudFrontSignature

    URL

    (Perl / PHP / C# + .NET Framework / Java) http://docs.aws.amazon.com/ja_jp/AmazonCloudFront/latest/DeveloperGuide/PrivateCFSignatureCodeAndExamples.html

    35


  • Cookie

    Cookie Web

    1Cookie

    CookieURLCustom Policy CloudFront-Key-Pair-Id, CloudFront-Policy, CloudFront-Signature

    Set-Cookie DomainCloudFrontAlternate Domain Name

    Cookie

    ExpireMax-AgeCookie

    SecureCookieCookie

    (Perl / PHP / C# + .NET Framework / Java) https://docs.aws.amazon.com/ja_jp/AmazonCloudFront/latest/DeveloperGuide/private-content-signed-cookies.html#private-content-overview-sample-code-cookies

    36


  • URL/Cookie

    Amazon S3Origin Access Identity(OAI)

    S3BucketCloudFront

    2

    CloudFront

    CloudFront IP

    CloudFront IP URL: https://ip-ranges.amazonaws.com/ip-ranges.json

    JSON

    Service: CLOUDFRONT

    CloudFront Edge

    S3

    OAI

    IP/

    37

  • Amazon WAF

    Amazon WAFWeb ACLCloudFront Distribution CloudFront

    Amazon WAF

    IP / SQL / , String

    Amazon WAF

    403(Forbidden)

    CloudFront Edge

    403

    38

  • CloudFront

    Amazon S3

    HTTP()

    40

  • Amazon S3 RTMP (Flash Media Server)

    DistributionRTMP

    RTMP, RTMPE, RTMPT, RTMPET

    Smooth Streaming DistributionWebSmooth Streaming

    HLS (HTTP Live Streaming) Distribution Web

    RTMPSmooth StreamingS3

    (FLV, MP4, iSMV, HLS)

    CloudFront EdgeS3

    RTMP/RTMPE/RTMPT/RTMPETFlash Player /

    Silverlight PlayerHTTP/HTTPS

    41

  • HTTP

    AWS CloudFormation

    CloudFront EdgeEC2

    Flash Player / Silverlight Player

    HTTP/HTTPS

    AWS CloudFormation

    Template

    LIVE

    42

  • CloudFormation

    CloudFront Adobe Media Server HTTP: http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/LiveStreamingAdobeMediaServer5.0.html

    CloudFront IIS Media Service Smooth Streaming: http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/IISLiveSmoothStreaming4.1.html

    CloudFront Wowza HTTP: http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/live-streaming-wowza.html

    43

  • &

  • CloudFront Reports & Analytics

    Cache Statistics

    Monitoring and Alarming

    Popular Objects

    Top Referrers

    Usage

    Viewers

    Cache Statistics / Popular Objects / Top Referrers / Usage / Viewers: AWS Management Console

    45

  • CloudFront Reports & Analytics

    Cache Statistics / Popular Objects / Usage /Top Referrers / Viewers CloudFront 60 1 3Delay CSV

    DistributionDistribution

    Monitoring and Alarming Cloudwatch

    35Delay

    46

  • CloudFront Reports & Analytics