What is Amazon CloudFront?
Why Interviewers Ask This
Interviewers use this question to quickly assess whether a candidate has the foundational knowledge required for AWS / Cloud Computing development. It reveals whether you understand the building blocks that more complex concepts rely on.
Answer
Amazon CloudFront is AWS's Content Delivery Network (CDN). It speeds up distribution of static and dynamic web content (HTML, CSS, JavaScript, images, videos, APIs) by serving it from the edge locations closest to users.
How it works: user requests content → CloudFront routes to nearest edge location (450+ globally) → if cached (cache hit), serves immediately → if not (cache miss), fetches from origin, caches, and serves.
Origins: S3 bucket (ideal for static content), ALB/EC2, API Gateway, or any HTTP server. Multiple origins can be configured with failover.
Key features:
(1) HTTPS/SSL: free TLS certificates via ACM (AWS Certificate Manager);
(2) Custom domain: use your own domain with a CNAME;
(3) Cache behaviors: per-path-pattern cache settings (e.g., /api/* bypasses the cache, /static/* is cached for 1 year);
(4) Cache invalidation: aws cloudfront create-invalidation --distribution-id <distribution-id> --paths "/index.html" "/*" (where <distribution-id> is a placeholder for your distribution's ID);
(5) Lambda@Edge / CloudFront Functions: run code at edge locations for URL rewrites, auth, and request/response manipulation;
(6) Origin Access Control (OAC): restrict S3 access to CloudFront only, so the S3 bucket is not public;
(7) WAF integration: block malicious traffic at the edge;
(8) Field-Level Encryption: encrypt sensitive data at the edge;
(9) Real-Time Logs: stream access logs to Kinesis.
Pricing: data transfer out from the edge plus HTTP request count. No charge for S3 origin data transfer to CloudFront within the same region. Free tier: 1TB data transfer + 10M requests/month.
Common Mistake
Many candidates answer correctly but can't explain the 'why'. Always be prepared to justify your answer with a concrete example or use case from your AWS / Cloud Computing experience.