The Cache Distribution pattern places cached copies of content from the content distribution source (the origin) at locations all over the world. Content is thereby served from a location geographically closer to the user, which removes geographical and physical constraints: the distance between the user and the content is shortened, and the response time experienced by the user improves.
Implementation
Using AWS CloudFront, you can use cache servers (edge servers) located around the world.
- Decide on the origin server that will serve as the content delivery source, and place the content on it.
- Set up CloudFront to use that origin server. When the distribution is created, a DNS name of the form "xxxx.cloudfront.net" (the xxxx part is generated randomly) is issued.
- You can use this automatically issued DNS name as-is, or you can use your own domain name. In that case, set the issued CloudFront DNS name as the CNAME record for your own domain name.
To Know More About Terraform: Terraform
Issues to be solved
With the spread of computers and mobile devices, more people access content on the Internet from more regions. Image and video data are also of higher quality than before, and the amount of data is very large.
From the user-experience point of view, data must be delivered to users more quickly and more stably, but with current technology, accessing a server on the east coast of the United States from Japan, for example, incurs a communication delay of at least 200 milliseconds. For this reason, if there is only one source of content, the user experience deteriorates.
Advantages
- A better user experience can be provided to geographically distant users.
- Since file download processing is distributed across the edge servers, there is also a load-distribution effect.
- By using an existing server (a server other than EC2, such as an on-premises or hosted server) as the origin server, the pattern can be applied while continuing to take advantage of existing servers.
- S3 can also be used directly as the origin.
- When you want to deliver content only to a limited region, you can restrict delivery to the target region using CloudFront's geo restriction feature.
Implementation of Cache Distribution pattern using Terraform
Let's put the origin's static content on S3 and distribute the cache through CloudFront.
main.tf
policy.json.tpl
Code explanation
In this case the S3 endpoint will not be accessed directly, so we create an origin access identity. For restricting access to the S3 bucket with an origin access identity, the following entry written by our company is helpful.
The bucket policy is created from a template. Terraform variables can be expanded by embedding them in the template in the form ${variable} and rendering it.
Create the bucket in S3. Static website hosting is enabled and the ACL is public-read, but the bucket policy created for the bucket does not allow s3:GetObject to everyone. To allow content to be accessed only from CloudFront, specify the ID of the origin access identity as the Principal.
Upload index.html to the created bucket.
Finally, create the CloudFront distribution. The details are in the documentation, but a correspondence table between the Terraform settings and the equivalent settings when creating a CloudFront distribution in the management console is given below.

| Setting on Terraform | Value on Terraform | Setting on the management console | Value on the management console |
|---|---|---|---|
| enabled | true | Distribution State | Enabled |
| comment | us-west-2-cloudfront-resource-demo | Comment | us-west-2-cloudfront-resource-demo |
| default_root_object | index.html | Default Root Object | index.html |
| price_class | PriceClass_200 | Price Class | Use Only US, Europe and Asia |
| retain_on_delete | true | N/A (Terraform-specific function) | N/A |
| origin.domain_name | us-west-2-cloudfront-resource-demo.s3.amazonaws.com | Origin Domain Name | us-west-2-cloudfront-resource-demo.s3.amazonaws.com |
| origin.origin_id | us-west-2-cloudfront-resource-demo | Origin ID | us-west-2-cloudfront-resource-demo |
| origin.s3_origin_config.origin_access_identity | origin-access-identity/cloudfront/ABC123 | Origin Access Identity | origin-access-identity/cloudfront/ABC123 |
| default_cache_behavior.allowed_methods | ["GET", "HEAD"] | Allowed HTTP Methods | GET, HEAD |
| default_cache_behavior.cached_methods | ["GET", "HEAD"] | Cached HTTP Methods | GET, HEAD (Cached by default) |
| default_cache_behavior.target_origin_id | us-west-2-cloudfront-resource-demo | Origin | us-west-2-cloudfront-resource-demo |
| default_cache_behavior.forwarded_values.query_string | false | Forward Headers | None (Improves Caching) |
| default_cache_behavior.forwarded_values.cookies.forward | none | Forward Cookies | None (Improves Caching) |
| default_cache_behavior.viewer_protocol_policy | allow-all | Viewer Protocol Policy | HTTP and HTTPS |
| default_cache_behavior.min_ttl | 0 | Minimum TTL | 0 |
| default_cache_behavior.default_ttl | 3600 | Default TTL | 3600 |
| default_cache_behavior.max_ttl | 86400 | Maximum TTL | 86400 |
| restrictions.geo_restriction.restriction_type | whitelist | Restriction Type | Whitelist |
| restrictions.geo_restriction.locations | ["US", "CA", "IN", "GB", "DE", "JP"] | Countries | US - UNITED STATES, CA - CANADA, IN - INDIA, GB - UNITED KINGDOM, DE - GERMANY, JP - JAPAN |
| viewer_certificate.cloudfront_default_certificate | true | SSL Certificate | Default CloudFront Certificate (*.cloudfront.net) |
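The complete Terraform configuration below is an added example written for this article; it is not the article's own main.tf or policy.json.tpl (which are not reproduced here). It assumes Terraform 1.x and the hashicorp/aws provider 4.x or later, and it takes the bucket name, comment, cache behavior, geo restriction and certificate settings from the table above. Two things deliberately differ from the article's description and are assumptions of this example: the bucket policy is generated with an aws_iam_policy_document data source instead of a rendered JSON template, and the bucket keeps public access blocked instead of enabling static website hosting with a public-read ACL, because an origin access identity is only honoured on the S3 REST endpoint (the origin domain name in the table), so the website endpoint is not needed for this pattern.

```hcl
# Added example, not the article's main.tf. Assumes Terraform >= 1.0 and
# hashicorp/aws >= 4.0; resource names follow the article's table.
provider "aws" {
  region = "us-west-2"
}

locals {
  name = "us-west-2-cloudfront-resource-demo"
}

# The origin access identity is the only principal the bucket policy trusts.
resource "aws_cloudfront_origin_access_identity" "oai" {
  comment = local.name
}

resource "aws_s3_bucket" "origin" {
  bucket = local.name
}

# Keep the bucket private: viewers reach objects only through CloudFront.
resource "aws_s3_bucket_public_access_block" "origin" {
  bucket                  = aws_s3_bucket.origin.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

# Bucket policy: allow s3:GetObject on the bucket's objects to the OAI only.
data "aws_iam_policy_document" "origin" {
  statement {
    actions   = ["s3:GetObject"]
    resources = ["${aws_s3_bucket.origin.arn}/*"]
    principals {
      type        = "AWS"
      identifiers = [aws_cloudfront_origin_access_identity.oai.iam_arn]
    }
  }
}

resource "aws_s3_bucket_policy" "origin" {
  bucket = aws_s3_bucket.origin.id
  policy = data.aws_iam_policy_document.origin.json
}

# The test object, created beforehand with: echo 'Hello, World!' > index.html
resource "aws_s3_object" "index" {
  bucket       = aws_s3_bucket.origin.id
  key          = "index.html"
  source       = "index.html"
  content_type = "text/html"
  etag         = filemd5("index.html")
}

resource "aws_cloudfront_distribution" "cdn" {
  enabled             = true
  comment             = local.name
  default_root_object = "index.html"
  price_class         = "PriceClass_200"
  retain_on_delete    = true
  origin {
    # REST endpoint of the bucket; the OAI is not honoured on the website endpoint.
    domain_name = aws_s3_bucket.origin.bucket_regional_domain_name
    origin_id   = local.name
    s3_origin_config {
      origin_access_identity = aws_cloudfront_origin_access_identity.oai.cloudfront_access_identity_path
    }
  }
  default_cache_behavior {
    allowed_methods  = ["GET", "HEAD"]
    cached_methods   = ["GET", "HEAD"]
    target_origin_id = local.name
    # "allow-all" matches the article's HTTP and HTTPS test; use "redirect-to-https" in production.
    viewer_protocol_policy = "allow-all"
    min_ttl                = 0
    default_ttl            = 3600
    max_ttl                = 86400
    forwarded_values {
      query_string = false
      cookies { forward = "none" }
    }
  }
  restrictions {
    geo_restriction {
      restriction_type = "whitelist"
      locations        = ["US", "CA", "IN", "GB", "DE", "JP"]
    }
  }
  viewer_certificate {
    cloudfront_default_certificate = true
  }
}

output "cloudfront_domain_name" {
  value = aws_cloudfront_distribution.cdn.domain_name
}
```

After `terraform apply`, the output value is the domain name to use in the curl checks that follow. Because the policy names the OAI's IAM ARN as the sole Principal and public access is blocked, a direct request to the bucket endpoint returns 403 while the same object is served through CloudFront, which is exactly the behaviour the article verifies.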
Let's run
First we set up the origin content. Since this is for test purposes, I will just create a simple HTML file.
# echo 'Hello, World!' > index.html
Run Terraform with your AWS <access_key> and <secret_key>:
# terraform plan -var access_key=<access_key> -var secret_key=<secret_key>
# terraform apply -var access_key=<access_key> -var secret_key=<secret_key>
It takes about 15 to 20 minutes for the CloudFront distribution's State to become Deployed. Once it is deployed, access the CloudFront domain (replace <cloudfront-domain-name> with the value from your own environment). It is successful if both HTTP and HTTPS return the content as follows:
# curl http://<cloudfront-domain-name>
Hello, World!
# curl https://<cloudfront-domain-name>
Hello, World!
Conversely, if you access the S3 website endpoint directly and get a 403 as below, you can confirm that the bucket policy is working as intended.
# curl <s3-website-endpoint>
<html>
<head><title>403 Forbidden</title></head>
<body>
<h1>403 Forbidden</h1>
<ul>
<li>Code: AccessDenied</li>
<li>Message: Access Denied</li>
<li>RequestId: ABC123</li>
<li>HostId: ABC123</li>
</ul>
<hr/>
</body>
</html>