AWS Route 53 & CloudFront - DNS & CDN
Route 53 - DNS Service
Amazon Route 53 is a highly available and scalable DNS (Domain Name System) service. It also provides domain registration and health checking.
In Azure terms: Route 53 = Azure DNS + Azure Traffic Manager (for routing policies)
What Route 53 Does
- Domain registration: Buy and manage domain names
- DNS hosting: Host DNS zones and serve DNS queries
- Health checking: Monitor endpoints and route away from unhealthy targets
- Traffic routing policies: Control how DNS responds to queries
Record Types
| Record | Purpose | Example |
|---|---|---|
| A | Maps hostname to IPv4 address | api.example.com → 1.2.3.4 |
| AAAA | Maps hostname to IPv6 address | api.example.com → 2001:db8::1 |
| CNAME | Alias one hostname to another | www.example.com → myapp.herokuapp.com |
| Alias | AWS-specific CNAME to AWS resources (no charge for queries) | app.example.com → ALB DNS name |
| MX | Mail server records | Used for email routing |
| TXT | Text records for verification | SPF, DKIM, site verification |
| NS | Name server records | Which servers are authoritative |
| SOA | Start of authority | Zone metadata |
Routing Policies
| Policy | Description | Use Case |
|---|---|---|
| Simple | Single record, no health check | Single endpoint |
| Weighted | Split traffic by percentage (e.g., 90/10) | A/B testing, gradual migration |
| Latency-based | Route to the region with lowest latency | Multi-region apps |
| Failover | Primary/secondary: switch on health check failure | Disaster recovery |
| Geolocation | Route based on user's geographic location | Data sovereignty, localization |
| Geoproximity | Route based on location + adjustable bias | Traffic shaping |
| Multivalue | Return multiple healthy records | Simple load balancing |
Health Checks
Route 53 can monitor endpoints (HTTP, HTTPS, TCP) and:
- Return DNS only for healthy endpoints
- Send SNS alerts when endpoints go unhealthy
- Enable DNS failover between regions
CloudFront - Content Delivery Network (CDN)
Amazon CloudFront is a fast, global Content Delivery Network that delivers content (static files, APIs, videos, dynamic web pages) through 400+ edge locations worldwide.
In Azure terms: CloudFront = Azure CDN / Azure Front Door
How CloudFront Works
```
User in Tokyo → CloudFront Edge (Tokyo)
    → (cache miss - first request) Origin Server (us-east-1)
    → (cached for subsequent requests)
User in Tokyo → Content served from Edge (< 10ms)
```
CloudFront Origins
| Origin Type | Example |
|---|---|
| S3 Bucket | Static website, file downloads |
| ALB / EC2 | Dynamic web apps and APIs |
| API Gateway | Serverless API endpoint |
| Custom HTTP | Any HTTP server, on-prem |
| MediaStore / MediaPackage | Live/on-demand video streaming |
Key CloudFront Features
| Feature | Description |
|---|---|
| HTTPS / TLS | Free SSL certificate via AWS Certificate Manager (ACM) |
| Geo Restriction | Block or allow specific countries |
| Signed URLs / Signed Cookies | Private content access control |
| Lambda@Edge | Run Node.js/Python code at the edge (per request) |
| CloudFront Functions | Lightweight JS at the edge (faster, cheaper than Lambda@Edge) |
| Origin Shield | Extra caching layer between edges and origin; reduces origin load |
| Real-Time Logs | Stream access logs to Kinesis |
| WAF Integration | Attach AWS WAF for protection against OWASP threats |
Cache Behavior
Cache behavior determines what gets cached and how:
- TTL (Time to Live): How long content stays in edge caches
- Cache-Control headers: Set by origin to control caching
- Invalidation: Force-expire cached content (charged per invalidation)
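How the TTL settings and the origin's Cache-Control header combine at the edge, as an added example that is not part of the original page. It is a simplified model of CloudFront's documented TTL rules (the `Expires` header is not modeled); the function names and the sample responses are constructed for illustration, and the defaults are a minimum TTL of 0, a default TTL of 86400 and a maximum TTL of 31536000 seconds. The case worth checking is a minimum TTL above 0, which makes the edge cache responses the origin marked `private` or `no-store`.

```python
def parse_cache_control(header):
    """Parse a Cache-Control value into {directive: value-or-True}."""
    directives = {}
    for part in (header or "").split(","):
        name, _, value = part.strip().partition("=")
        if name:
            directives[name.lower()] = value.strip('"') if value else True
    return directives

def edge_ttl(cache_control, min_ttl=0, default_ttl=86400, max_ttl=31536000):
    """Seconds the edge keeps the object; 0 means it is not served from cache."""
    cc = parse_cache_control(cache_control)
    if any(d in cc for d in ("no-cache", "no-store", "private")):
        # With a minimum TTL above 0 the edge caches anyway, for min_ttl seconds.
        return min_ttl
    for directive in ("s-maxage", "max-age"):  # s-maxage takes precedence at the edge
        value = cc.get(directive)
        if isinstance(value, str) and value.isdigit():
            return max(min_ttl, min(int(value), max_ttl))
    return max(min_ttl, default_ttl)  # origin sent no usable lifetime

def audit(responses, **ttls):
    """Return paths the origin marked private/no-store that the edge still caches."""
    findings = []
    for path, header in responses:
        cc = parse_cache_control(header)
        if ("private" in cc or "no-store" in cc) and edge_ttl(header, **ttls) > 0:
            findings.append(path)
    return findings

# Constructed sample: (path, Cache-Control header returned by the origin)
SAMPLE = [
    ("/static/app.js", "public, max-age=604800"),
    ("/api/profile", "private, no-store"),
    ("/index.html", "max-age=60, s-maxage=300"),
    ("/legacy/report", None),
]

if __name__ == "__main__":
    for path, header in SAMPLE:
        print(path, edge_ttl(header), edge_ttl(header, min_ttl=300))
    print("cached despite private/no-store:", audit(SAMPLE, min_ttl=300))
```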
```bash
# Invalidate all files in a CloudFront distribution
aws cloudfront create-invalidation \
  --distribution-id E1234567890 \
  --paths "/*"
```
Route 53 + CloudFront + S3 - Static Website Pattern
```
User → Route 53 (DNS: mysite.com → CloudFront)
     → CloudFront (HTTPS, edge caching)
     → S3 Bucket (HTML/CSS/JS)
```
This is a common, cost-effective static website hosting pattern:
- Host files in S3
- Put CloudFront in front (HTTPS, custom domain, caching)
- Point your domain in Route 53 to CloudFront with an Alias record
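The two documents this pattern depends on, plus a check for a bucket that is still publicly readable, as an added example that is not part of the original page. It assumes the distribution reads the bucket through an origin access control (OAC); the bucket name `mysite-static`, the account ID `111122223333`, the distribution domain `d111111abcdef8.cloudfront.net` and the function names are constructed placeholders.

```python
import json

# Hosted zone ID that every Alias record targeting CloudFront uses.
CLOUDFRONT_ALIAS_ZONE_ID = "Z2FDTNDATAQYW2"

def bucket_policy(bucket, account_id, distribution_id):
    """Allow s3:GetObject only to one CloudFront distribution (via OAC)."""
    source_arn = f"arn:aws:cloudfront::{account_id}:distribution/{distribution_id}"
    return {"Version": "2012-10-17", "Statement": [{
        "Sid": "AllowCloudFrontReadOnly",
        "Effect": "Allow",
        "Principal": {"Service": "cloudfront.amazonaws.com"},
        "Action": "s3:GetObject",
        "Resource": f"arn:aws:s3:::{bucket}/*",
        "Condition": {"StringEquals": {"AWS:SourceArn": source_arn}},
    }]}

def alias_change_batch(domain, distribution_domain):
    """Change batch pointing the domain at CloudFront with an Alias A record."""
    return {"Changes": [{"Action": "UPSERT", "ResourceRecordSet": {
        "Name": domain, "Type": "A",
        "AliasTarget": {"HostedZoneId": CLOUDFRONT_ALIAS_ZONE_ID,
                        "DNSName": distribution_domain,
                        "EvaluateTargetHealth": False}}}]}

def public_statements(policy):
    """Sids of Allow statements open to any principal with no Condition."""
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be a bare object
        statements = [statements]
    found = []
    for index, stmt in enumerate(statements):
        principal = stmt.get("Principal")
        if isinstance(principal, dict):
            principal = principal.get("AWS")
        anyone = principal == "*" or principal == ["*"]
        if stmt.get("Effect") == "Allow" and anyone and not stmt.get("Condition"):
            found.append(stmt.get("Sid", f"statement[{index}]"))
    return found

# Constructed sample: the public-read policy often left over from S3 website hosting.
LEGACY_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
    "Action": "s3:GetObject", "Resource": "arn:aws:s3:::mysite-static/*"}]}

if __name__ == "__main__":
    print(json.dumps(bucket_policy("mysite-static", "111122223333", "E1234567890"), indent=2))
    print(json.dumps(alias_change_batch("mysite.com", "d111111abcdef8.cloudfront.net"), indent=2))
    print("open statements:", public_statements(LEGACY_POLICY))
```

A bucket left with the public statement can be fetched directly, which bypasses the HTTPS, geo restriction and WAF controls configured on the distribution.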
Route 53 + CloudFront vs Azure Front Door
| Feature | Route 53 + CloudFront | Azure Front Door |
|---|---|---|
| DNS | Route 53 | Azure DNS |
| CDN | CloudFront | Azure CDN / Front Door |
| Custom routing | Route 53 routing policies | Traffic Manager |
| WAF | AWS WAF (attached to CloudFront) | Azure WAF (on Front Door) |
| Edge compute | Lambda@Edge, CloudFront Functions | Azure Functions (Central) |
| DDoS | AWS Shield (CloudFront integration) | Azure DDoS Protection |