SAA_EN

Improved Origin Server Performance with CloudFront Cache

Configuration using CloudFront cache to reduce number of requests to origin server

This is one of the topics covered in AWS SAA, which is about designing a high-performance architecture.
CloudFront is placed in front of the origin server to cache content and improve the performance of the origin server.

Environment

Diagram of improved origin server performance with CloudFront cache.

Set up an EC2 instance (Amazon Linux 2) on a public subnet. Install Apache on the instance and run it as a web server.
Deploy CloudFront in front of it to cache the instance’s contents.

CloudFormation template files

The above configuration is built with CloudFormation.
The CloudFormation template file is located at the following URL

awstut-saa/02/005 at main · awstut-an-r/awstut-saa
Contribute to awstut-an-r/awstut-saa development by creating an account on GitHub.

Explanation of key points in the template files

Enable DNS functionality for VPC

Configure the EC2 instance to be accessible by host name.

Resources:
  VPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: !Ref VPCCidrBlock
      EnableDnsHostnames: true
      EnableDnsSupport: true
Code language: YAML (yaml)

VPC offers a variety of features, one of which is DNS.

The following VPC attributes determine the DNS support provided for your VPC. If both attributes are enabled, an instance launched into the VPC receives a public DNS hostname if it is assigned a public IPv4 address or an Elastic IP address at creation.

DNS attributes in your VPC

The reason for setting up the DNS function is that we need the public DNS hostname of the EC2 instance.
This public DNS host name is used in specifying the origin server for CloudFront, described below.

To enable DNS functionality in a VPC, it is said that both of the following two parameters must be set to enable.

enableDnsHostnames
Determines whether the VPC supports assigning public DNS hostnames to instances with public IP addresses.

enableDnsSupport
Determines whether the VPC supports DNS resolution through the Amazon provided DNS server.

DNS attributes in your VPC

Set the EnableDnsHostnames and EnableDnsSupport properties to true according to the above.

Granting EIP to EC2 instance

Check the EC2 instance. The point is to grant a fixed address.

Resources:
  EIP:
    Type: AWS::EC2::EIP
    Properties:
      Domain: vpc
      
  EIPAssociation:
    Type: AWS::EC2::EIPAssociation
    Properties:
      AllocationId: !GetAtt EIP.AllocationId
      InstanceId: !Ref Instance
      
  Instance:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: !Ref ImageId
      InstanceType: !Ref InstanceType
      NetworkInterfaces:
        - DeviceIndex: 0
          SubnetId: !Ref PublicSubnet
          GroupSet:
            - !Ref InstanceSecurityGroup
      UserData: !Base64 |
        #!/bin/bash -xe
        yum update -y
        yum install -y httpd
        systemctl start httpd
        systemctl enable httpd
        ec2-metadata -i > /var/www/html/index.html
            
            
Outputs:
  InstancePublicDnsName:
    Value: !GetAtt Instance.PublicDnsName
Code language: YAML (yaml)

Assign a static IP address to the instance.
The public DNS hostname described above is created based on the public address. Therefore, if the public address is changed dynamically, the public DNS hostname may be changed accordingly.
To assign a fixed public address, use Elastic IP. After an Elastic IP is defined, it is associated with an EC2 instance.

Setting up = EC2 instance as CloudFront origin

First, check how to specify the origin server for CloudFront.

Resources:
  Distribution:
    Type: AWS::CloudFront::Distribution
    Properties:
      DistributionConfig:
        Origins:
          - CustomOriginConfig:
              OriginProtocolPolicy: http-only
            DomainName: !Ref InstancePublicDnsName
            Id: !Ref InstancePublicDnsName
Code language: YAML (yaml)

The origin server is specified with the Origins property.
Specify the domain name of the origin server in the DomainName property. In this case, specify the public DNS host name of the EC2 instance.
The CustomOriginConfig property allows you to change the behavior when CloudFront accesses the origin server. In this case, the EC2 instance, which is the origin server, listens for HTTP requests instead of HTTPS. Therefore, set the OriginProtocolPolicy property to “http-only”.
Specify the ID to be assigned to the origin server in the Id property. In this case, specify the public DNS host name of the instance. This value will be used in the cache configuration described below.

CloudFront cache settings

Finally, configure the cache settings.

Resources:
  Distribution:
    Type: AWS::CloudFront::Distribution
    Properties:
      DistributionConfig:
        DefaultCacheBehavior:
          AllowedMethods:
            - GET
            - HEAD
          CachedMethods:
            - GET
            - HEAD
          Compress: true
          ForwardedValues:
            Cookies:
              Forward: none
            QueryString: false
          TargetOriginId: !Ref InstancePublicDnsName
          ViewerProtocolPolicy: allow-all
          DefaultTTL: !Ref CacheTTL
          MaxTTL: !Ref CacheTTL
          MinTTL: !Ref CacheTTL
Code language: YAML (yaml)

This time, only the EC2 instance is the origin server. Therefore, by setting the DefaultCacheBehavior property, the default cache settings for this CloudFront distribution are configured.
Specify the HTTP methods allowed in this distribution with the AlloedMethods property. The value to be set for this property is defined by the accepted method patterns.

A complex type that controls which HTTP methods CloudFront processes and forwards to your Amazon S3 bucket or your custom origin. There are three choices:

・CloudFront forwards only GET and HEAD requests.
・CloudFront forwards only GET, HEAD, and OPTIONS requests.
・CloudFront forwards GET, HEAD, OPTIONS, PUT, PATCH, POST, and DELETE requests.

AWS::CloudFront::Distribution DefaultCacheBehavior

In this case, only GETs will be accepted. Therefore, specify GET and HEAD.

The same goes for the CachedMethods property. The value to be set for this property depends on the method corresponding to the cache.

A complex type that controls whether CloudFront caches the response to requests using the specified HTTP methods. There are two choices:

・CloudFront caches responses to GET and HEAD requests.
・CloudFront caches responses to GET, HEAD, and OPTIONS requests.

AWS::CloudFront::Distribution DefaultCacheBehavior

GET and HEAD are also specified here.

In the TargetOriginId property, specify the origin server corresponding to this cache setting. In this case, the EC2 instance is used as the origin server, so the value specified for the Id property in the Origins property described above is also specified here.

In the ViewerProtocolPolicy property, you can specify the HTTP protocol accepted by the user when accessing the TargetOriginId property. In this case, HTTP and HTTPS are accepted. In this case, specifying “allow-all” will allow both protocols to be accepted.
Note that this property is a setting for the HTTP protocol between the user and CloudFront; the setting for the protocol between CloudFront and the origin server is set in the Origins property, as described above. In this case, CloudFront will communicate with the origin server using HTTP even if the user communicates with CloudFront using either HTTP or HTTPS protocol.

Finally, we set the TTL of the cache; three properties (DefaultTTL, MaxTTL, MinTTL) allow us to set the cache lifetime. In this case, we set them all to “60 (seconds)”.

Architecting

Using CloudFormation, we will build this environment and check its actual behavior.

Create CloudFormation stack and check resources in stack

Create a CloudFormation stack.
For information on how to create stacks and check each stack, please refer to the following page

After reviewing the resources in each stack, the following is the information on the main resources created in this case.

  • Instance ID: i-08665eb4768e384ec
  • Public DNS hostname for the instance: ec2-35-74-46-156.ap-northeast-1.compute.amazonaws.com
  • Domain name of CloudFront distribution: https://d3julxofsz7qa5.cloudfront.net

The AWS Management Console also checks the status of resource creation.
First, check the status of the EC2 instance.

The public DNS hostname of the EC2 instance is enabled.

You can see that the EIP has been assigned and that the public DNS hostname has been activated.

Next, check CloudFront.

A domain name is assigned to the CloudFront distribution.

You can see the domain name assigned to CloudFront.

An EC2 instance is registered as the origin of CloudFront.

An EC2 instance is set as the distribution origin.

An EC2 instance is registered as the default CloudFront behavior.

An EC2 instance is specified as the default path pattern.

Behavior check 1: Direct access to the EC2 instance

We are ready to go.
First, access the EC2 instance directly.

Direct access to EC 2 instances.

A response is returned from the instance.

Check the behavior at the time of the HTTP request.

Result of accessing the EC 2 instance directly.

If you access the public DNS hostname of the instance, you will see that traffic is flowing toward the instance’s EIP.

Behavior check 2: Accessing an EC2 instance via CloudFront

Finally, access CloudFront.

Access to EC 2 instances via CloudFront.

Here, too, a response is returned from the instance.

We will also check the behavior of HTTP requests.

Result 1 of accessing an EC2 instance via CloudFront.

When accessing CloudFront, we see that it is accessed via an edge location.
Looking at the cache item, we see “Miss front cloudfront”. This means that the content was not cached because it was accessed for the first time.

Access via CloudFront again.

Result 2 of accessing an EC2 instance via CloudFront.

After the second access, you will see “Hit front cloudfront”.
This means that the content cached in CloudFront is returned in response to the HTTP request.
In other words, the EC2 instance, which is the origin server, will not receive the request, which can be expected to improve server performance.

Summary

We have confirmed a configuration in which CloudFront is placed in front of the EC2 instance.

タイトルとURLをコピーしました