I want to build a web/application server in AWS, and I want to use CloudFront to deliver content with low latency and an Application Load Balancer (ALB) to balance traffic between servers. If some content needs to be cached, using CloudFront in front of the ALB should be beneficial; however, if not, is it still recommended to use CloudFront in front of the ALB in view of performance and cost? For example, which one of the following two alternatives is recommended?

  1. User always accesses ALB through CloudFront regardless of what content the user accesses.

  2. User accesses CloudFront or ALB directly depending on the content the user accesses.

Which one is the better pattern?

karel
SangminKim

1 Answer

Neither option is wrong, but using CloudFront in front of ALB does provide some advantages even for non-cacheable, dynamic content -- including faster TLS negotiation for viewers who are more distant from the ALB and optimized routing of requests, globally on the AWS Edge Network, from an edge location near the viewer, to the region where the ALB is located.

Depending on the location of the ALB and location of the viewer, CloudFront bandwidth out to the Internet can be up to $0.005/GB cheaper, compared to the ALB/EC2 pricing, or can be more... but the bandwidth from ALB to CloudFront is free, so you don't pay both charges.

Michael - sqlbot
  • Thank you for your answer. How about when the ALB and a viewer are in the same region? In this case, (Viewer -> CF) and (CF -> ALB) will both be charged, right? So it will cost more. – SangminKim May 02 '19 at 08:32
  • It doesn't matter where the viewer is located. Bandwidth from EC2 (ALB) to CloudFront is billed $0. – Michael - sqlbot May 02 '19 at 10:21
  • You mean alb -> cf is free but I am saying cf -> alb. Thank you – SangminKim May 02 '19 at 23:55
  • Ah, yes... cf -> alb traffic is $0.02/GB in North America and the EU, higher elsewhere. – Michael - sqlbot May 03 '19 at 10:14
  • @Michael-sqlbot Is there a latency gain when going through CF -> ALB, compared to directly accessing ALB through internet, when no TLS is involved? – Lahiru Chandima Jul 22 '21 at 12:13
  • @LahiruChandima Statistically speaking, there should still be an improvement, overall, but not as substantial as with HTTPS since TLS negotiation requires additional round trips, and since CloudFront's processing time is of course nonzero. The improvement would also require there to be sufficient traffic for CloudFront to be able to reuse edge-to-origin connections, so isolated, low-volume testing doesn't tell the entire story of how a higher traffic environment would perform. – Michael - sqlbot Jul 28 '21 at 16:28