Amazon CloudFront Extensions

What does this solution do?

Amazon CloudFront Extensions is a ready-to-use solution that allows you to operate hundreds of Amazon CloudFront distributions in your account. Amazon CloudFront is a global content delivery network ( CDN) provided by Amazon Web Services. You can select from pre-built features such as CloudFront monitoring, CloudFront versioning, and one-click deployable Lambda@Edge functions. Once you deploy the solution, you can use its built-in web console along with Amazon CloudFront to manage distributions easily.

Features

CloudFront monitoring

The solution provides two types of architectures for CloudFront monitoring: real-time monitoring based on Amazon Kinesis and non-real-time monitoring based on S3 Standard logging. By deploying this solution, you can set up the CloudFront distributions with over ten metrics (for example, download speed, cache hit ratio, and bandwidth) in minutes.

CloudFront versioning

On the solution web console, you can easily create configuration snapshots for any of CloudFront distributions in your account. You can compare the difference between any two snapshots. In addition, the solution also automatically saves distribution change history for troubleshooting purposes.

CloudFront distribution bulk creation with SSL Certificates

The solution provides APIs for you to bulk create CloudFront distributions in your account with your target alternative domain names (CNAMEs). The solution will create SSL Certificates in Amazon Certificate Manager (ACM) and automatically associate the SSL Certificates with newly created distributions.

Solution overview

The diagram below presents the architecture you can automatically deploy using the solution's implementation guide and accompanying Amazon CloudFormation template.

Architecture description

1. Amazon CloudFront distributes the solution frontend web UI assets hosted in Amazon S3 bucket.

2. Amazon Cognito user pool provides authentication for backend.

3. Amazon AppSync provides the backend GraphQL APIs.

4. Amazon API Gateway provides the backend RESTful APIs for SSL certificates and monitoring features.

5. Amazon DynamoDB stores the solution related information as backend database.

6. Amazon Lambda interacts with other Amazon Services to process core logic of monitoring, SSL certificates and extensions repository, and obtains information updated in DynamoDB tables.

7. Amazon Step Functions orchestrate workflows for creating ACM certificates, importing existed certificates and creating CloudFront distributions.

8. Extensions are shown in Extensions repository. Amazon CloudFormation and Amazon Serverless Application Repository will be triggered if you want to deploy an extension into your Amazon Web Services account.

9. Amazon Lambda stores CloudFront configuration changes into S3 bucket, and you can view the difference between two CloudFront configuration versions and apply the configuration.

10. Amazon Athena queries CloudFront standard logs or real-time logs to get CloudFront metrics and output it by API Gateway. You can also view the metrics by monitoring dashboard.