CloudFront and caching
In front of every public endpoint, we enable a CloudFront distribution. No endpoint is directly accessible from the internet unless there is a CloudFront distribution in front of it. This has two advantages:
- Quick response for the users
- Less load on the endpoint
This way our infrastructure is protected at all times against unexpected sudden high traffic or continuous high load.
We force ourselves to set correct cache headers everywhere, and we always try to maximise caching times when possible. We also enable a CloudWatch alarm that notifies us when the hit ratio becomes too low.
We choose low or zero caching only in very specific cases.
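As an added example (not part of the original page), this Python audit flags the cache-header mistakes the policy above is meant to prevent: missing headers, unintended zero or short edge TTLs, and cacheable responses that carry a cookie. The one-hour threshold, the paths and the sample headers are assumptions constructed for illustration.

```python
import re

# Assumed policy threshold (not from the page): anything cached for less
# than an hour at the edge is reported as "short".
MIN_EDGE_TTL = 3600

def edge_ttl(cache_control):
    """TTL in seconds a shared cache derives from a Cache-Control value:
    0 if caching is forbidden, None if no lifetime is given."""
    directives = {}
    for part in cache_control.lower().split(","):
        name, _, value = part.strip().partition("=")
        if name:
            directives[name] = value.strip('"')
    if directives.keys() & {"no-store", "no-cache", "private"}:
        return 0
    for name in ("s-maxage", "max-age"):  # s-maxage wins for shared caches
        if re.fullmatch(r"\d+", directives.get(name, "")):
            return int(directives[name])
    return None

def audit(path, headers):
    """Return a list of findings for one response's headers."""
    h = {k.lower(): v for k, v in headers.items()}
    if "cache-control" not in h:
        return [f"{path}: no Cache-Control, edge uses the behaviour's default TTL"]
    findings = []
    ttl = edge_ttl(h["cache-control"])
    if ttl is None:
        findings.append(f"{path}: Cache-Control has no max-age or s-maxage")
    elif ttl == 0:
        findings.append(f"{path}: zero edge TTL, confirm this is intended")
    elif ttl < MIN_EDGE_TTL:
        findings.append(f"{path}: edge TTL {ttl}s is below {MIN_EDGE_TTL}s")
    if ttl != 0 and "set-cookie" in h:
        findings.append(f"{path}: cacheable response carries Set-Cookie")
    return findings

# Constructed sample responses, not taken from a real endpoint.
SAMPLES = {
    "/assets/app.js": {"Cache-Control": "public, max-age=31536000, immutable"},
    "/api/articles": {"Cache-Control": "max-age=600, s-maxage=60"},
    "/account": {"Cache-Control": "private, no-store", "Set-Cookie": "sid=abc"},
    "/news": {"Cache-Control": "public, max-age=7200", "Set-Cookie": "ab=1"},
    "/legacy": {"Content-Type": "text/html"},
}

if __name__ == "__main__":
    print("\n".join(f for p, hd in SAMPLES.items() for f in audit(p, hd)))
```

The Set-Cookie finding matters most: a response cached at the edge together with a cookie can be served to other visitors.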
Preferred way of working
- Our websites are visited mainly from Europe, so we choose “North America and Europe” as price class.
- For SSL certificates, we use AWS Certificate Manager.
- For every CloudFront distribution, we enable a CNAME record. We don’t use the default distribution name.
- We always provide a static error page hosted on S3.
- We try to limit specific behaviours for specific paths to keep a clear overview and minimise the chance of wrong cache headers.
- For certain projects, minimum TTLs are set on certain 4XX or 5XX codes.
- CDN invalidations are kept to a minimum, as invalidations are expensive.