The Problem CloudFront Solves

Your server is in the US. A user in India makes a request — it travels all the way to the US and back. Slow.

CloudFront fixes this by caching your content at edge locations around the world so users always get it from the nearest location.

Without CloudFront:
User in India --> Server in US (slow, far away)

With CloudFront:
User in India --> Edge Location in Mumbai (cached, fast)

How It Works

Origin (S3 or EC2)
    |
Amazon CloudFront Distribution
    |
    |-- Regional Edge Cache (REC) for Europe
    |       |-- Edge Location --> Viewers
    |       |-- Edge Location --> Viewers
    |
    |-- Regional Edge Cache (REC) for Asia
            |-- Edge Location --> Viewers
            |-- Edge Location --> Viewers

Request flow:

  1. User requests a file
  2. CloudFront checks the nearest edge location — if cached, returns immediately
  3. If not cached, checks the Regional Edge Cache
  4. If still not found, fetches from origin, caches it, returns to user
  5. Next user in the same area gets it from cache — the origin is not contacted again until the cached copy expires

Cache duration is controlled by TTL (Time To Live) — how long CloudFront holds a copy before going back to origin.

Origins — Where CloudFront Pulls Content From

Origin      | Use Case
S3 Bucket   | Static files — images, videos, HTML. Keep bucket private using OAC
EC2 / ALB   | App backend — dynamic content
VPC Origin  | Apps in private subnets (private ALB, NLB, EC2)
Custom HTTP | Any public HTTP backend or S3 static website

OAC — Origin Access Control (for S3)

Keep your S3 bucket fully private. Use OAC + S3 bucket policy so only CloudFront can read from it.
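
What "OAC + S3 bucket policy" looks like in practice, as an added example (not from the original notes): the script builds the bucket policy statement AWS documents for OAC and audits a policy for Allow statements that reach beyond one distribution. The bucket name, account ID, distribution ID and the helper names `oac_bucket_policy`, `pinned_arns` and `audit` are constructed placeholders.

```python
import json

# Constructed placeholders for illustration, not real resources.
BUCKET = "example-private-bucket"
DIST_ARN = "arn:aws:cloudfront::111122223333:distribution/EDFDVBD6EXAMPLE"
CF = "cloudfront.amazonaws.com"

def as_list(v):
    return v if isinstance(v, list) else [] if v is None else [v]

def oac_bucket_policy(bucket, dist_arn):
    """Read-only access for the CloudFront service, pinned to one distribution."""
    return {"Version": "2012-10-17", "Statement": [{
        "Sid": "AllowCloudFrontServicePrincipalReadOnly",
        "Effect": "Allow",
        "Principal": {"Service": CF},
        "Action": "s3:GetObject",
        "Resource": f"arn:aws:s3:::{bucket}/*",
        # Without this condition any CloudFront distribution could read the bucket.
        "Condition": {"StringEquals": {"AWS:SourceArn": dist_arn}},
    }]}

def pinned_arns(stmt):
    """Collect aws:SourceArn values (condition keys are case-insensitive)."""
    arns = []
    for op in ("StringEquals", "ArnEquals"):
        for key, val in stmt.get("Condition", {}).get(op, {}).items():
            if key.lower() == "aws:sourcearn":
                arns += as_list(val)
    return arns

def audit(policy, dist_arn):
    """Flag Allow statements that let anything but this distribution read."""
    findings = []
    for s in as_list(policy.get("Statement")):
        if s.get("Effect") != "Allow":
            continue
        sid, p = s.get("Sid", "<no Sid>"), s.get("Principal")
        if p == "*" or (isinstance(p, dict) and "*" in as_list(p.get("AWS"))):
            findings.append(f"{sid}: wildcard principal")
        elif isinstance(p, dict) and CF in as_list(p.get("Service")):
            if pinned_arns(s) != [dist_arn]:
                findings.append(f"{sid}: CloudFront principal not pinned to this distribution")
        else:
            findings.append(f"{sid}: non-CloudFront principal, review manually")
    return findings

if __name__ == "__main__":
    print(json.dumps(oac_bucket_policy(BUCKET, DIST_ARN), indent=2))
    print(audit(oac_bucket_policy(BUCKET, DIST_ARN), DIST_ARN))
```

The audit is deliberately conservative: it reports every wildcard principal even when a condition narrows it, so each finding is a prompt to read that statement.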