Your server is in the US. A user in India makes a request — it travels all the way to the US and back. Slow.
CloudFront fixes this by caching your content at edge locations around the world so users always get it from the nearest location.
Without CloudFront:
User in India --> Server in US (slow, far away)
With CloudFront:
User in India --> Edge Location in Mumbai (cached, fast)

Origin (S3 or EC2)
|
Amazon CloudFront Distribution
|
|-- Regional Edge Cache (REC) for Europe
| |-- Edge Location --> Viewers
| |-- Edge Location --> Viewers
|
|-- Regional Edge Cache (REC) for Asia
|-- Edge Location --> Viewers
|-- Edge Location --> Viewers
Request flow:
Cache duration is controlled by TTL (Time To Live) — how long CloudFront holds a copy before going back to origin.

| Origin | Use Case |
|---|---|
| S3 Bucket | Static files — images, videos, HTML. Keep bucket private using OAC |
| EC2 / ALB | App backend — dynamic content |
| VPC Origin | Apps in private subnets (private ALB, NLB, EC2) |
| Custom HTTP | Any public HTTP backend or S3 static website |
Keep your S3 bucket fully private. Use OAC + S3 bucket policy so only CloudFront can read from it.