SAA_EN

Improved Origin Server Performance with CloudFront Cache

スポンサーリンク
Improved Origin Server Performance with CloudFront Cache. SAA_EN
スポンサーリンク
スポンサーリンク

Configuration using CloudFront cache to reduce number of requests to origin server

This is one of the topics covered in AWS SAA, which is about designing a high-performance architecture.
CloudFront is placed in front of the origin server to cache content and improve the performance of the origin server.

Environment

Diagram of improved origin server performance with CloudFront cache.

Set up an EC2 instance (Amazon Linux 2) on a public subnet. Install Apache on the instance and run it as a web server.
Deploy CloudFront in front of it to cache the instance’s contents.

CloudFormation template files

The above configuration is built with CloudFormation.
The CloudFormation template file is located at the following URL

awstut-saa/02/005 at main · awstut-an-r/awstut-saa
Contribute to awstut-an-r/awstut-saa development by creating an account on GitHub.

Explanation of key points in the template files

Enable DNS functionality for VPC

Configure the EC2 instance to be accessible by host name.

Resources: VPC: Type: AWS::EC2::VPC Properties: CidrBlock: !Ref VPCCidrBlock EnableDnsHostnames: true EnableDnsSupport: true
Code language: YAML (yaml)

VPC offers a variety of features, one of which is DNS.

The following VPC attributes determine the DNS support provided for your VPC. If both attributes are enabled, an instance launched into the VPC receives a public DNS hostname if it is assigned a public IPv4 address or an Elastic IP address at creation.

DNS attributes in your VPC

The reason for setting up the DNS function is that we need the public DNS hostname of the EC2 instance.
This public DNS host name is used in specifying the origin server for CloudFront, described below.

To enable DNS functionality in a VPC, it is said that both of the following two parameters must be set to enable.

enableDnsHostnames
Determines whether the VPC supports assigning public DNS hostnames to instances with public IP addresses.

enableDnsSupport
Determines whether the VPC supports DNS resolution through the Amazon provided DNS server.

DNS attributes in your VPC

Set the EnableDnsHostnames and EnableDnsSupport properties to true according to the above.

Granting EIP to EC2 instance

Check the EC2 instance. The point is to grant a fixed address.

Resources: EIP: Type: AWS::EC2::EIP Properties: Domain: vpc EIPAssociation: Type: AWS::EC2::EIPAssociation Properties: AllocationId: !GetAtt EIP.AllocationId InstanceId: !Ref Instance Instance: Type: AWS::EC2::Instance Properties: ImageId: !Ref ImageId InstanceType: !Ref InstanceType NetworkInterfaces: - DeviceIndex: 0 SubnetId: !Ref PublicSubnet GroupSet: - !Ref InstanceSecurityGroup UserData: !Base64 | #!/bin/bash -xe yum update -y yum install -y httpd systemctl start httpd systemctl enable httpd ec2-metadata -i > /var/www/html/index.html Outputs: InstancePublicDnsName: Value: !GetAtt Instance.PublicDnsName
Code language: YAML (yaml)

Assign a static IP address to the instance.
The public DNS hostname described above is created based on the public address. Therefore, if the public address is changed dynamically, the public DNS hostname may be changed accordingly.
To assign a fixed public address, use Elastic IP. After an Elastic IP is defined, it is associated with an EC2 instance.

Setting up = EC2 instance as CloudFront origin

First, check how to specify the origin server for CloudFront.

Resources: Distribution: Type: AWS::CloudFront::Distribution Properties: DistributionConfig: Origins: - CustomOriginConfig: OriginProtocolPolicy: http-only DomainName: !Ref InstancePublicDnsName Id: !Ref InstancePublicDnsName
Code language: YAML (yaml)

The origin server is specified with the Origins property.
Specify the domain name of the origin server in the DomainName property. In this case, specify the public DNS host name of the EC2 instance.
The CustomOriginConfig property allows you to change the behavior when CloudFront accesses the origin server. In this case, the EC2 instance, which is the origin server, listens for HTTP requests instead of HTTPS. Therefore, set the OriginProtocolPolicy property to “http-only”.
Specify the ID to be assigned to the origin server in the Id property. In this case, specify the public DNS host name of the instance. This value will be used in the cache configuration described below.

CloudFront cache settings

Finally, configure the cache settings.

Resources: Distribution: Type: AWS::CloudFront::Distribution Properties: DistributionConfig: DefaultCacheBehavior: AllowedMethods: - GET - HEAD CachedMethods: - GET - HEAD Compress: true ForwardedValues: Cookies: Forward: none QueryString: false TargetOriginId: !Ref InstancePublicDnsName ViewerProtocolPolicy: allow-all DefaultTTL: !Ref CacheTTL MaxTTL: !Ref CacheTTL MinTTL: !Ref CacheTTL
Code language: YAML (yaml)

This time, only the EC2 instance is the origin server. Therefore, by setting the DefaultCacheBehavior property, the default cache settings for this CloudFront distribution are configured.
Specify the HTTP methods allowed in this distribution with the AlloedMethods property. The value to be set for this property is defined by the accepted method patterns.

A complex type that controls which HTTP methods CloudFront processes and forwards to your Amazon S3 bucket or your custom origin. There are three choices:

・CloudFront forwards only GET and HEAD requests.
・CloudFront forwards only GET, HEAD, and OPTIONS requests.
・CloudFront forwards GET, HEAD, OPTIONS, PUT, PATCH, POST, and DELETE requests.

AWS::CloudFront::Distribution DefaultCacheBehavior

In this case, only GETs will be accepted. Therefore, specify GET and HEAD.

The same goes for the CachedMethods property. The value to be set for this property depends on the method corresponding to the cache.

A complex type that controls whether CloudFront caches the response to requests using the specified HTTP methods. There are two choices:

・CloudFront caches responses to GET and HEAD requests.
・CloudFront caches responses to GET, HEAD, and OPTIONS requests.

AWS::CloudFront::Distribution DefaultCacheBehavior

GET and HEAD are also specified here.

In the TargetOriginId property, specify the origin server corresponding to this cache setting. In this case, the EC2 instance is used as the origin server, so the value specified for the Id property in the Origins property described above is also specified here.

In the ViewerProtocolPolicy property, you can specify the HTTP protocol accepted by the user when accessing the TargetOriginId property. In this case, HTTP and HTTPS are accepted. In this case, specifying “allow-all” will allow both protocols to be accepted.
Note that this property is a setting for the HTTP protocol between the user and CloudFront; the setting for the protocol between CloudFront and the origin server is set in the Origins property, as described above. In this case, CloudFront will communicate with the origin server using HTTP even if the user communicates with CloudFront using either HTTP or HTTPS protocol.

Finally, we set the TTL of the cache; three properties (DefaultTTL, MaxTTL, MinTTL) allow us to set the cache lifetime. In this case, we set them all to “60 (seconds)”.

Architecting

Using CloudFormation, we will build this environment and check its actual behavior.

Create CloudFormation stack and check resources in stack

Create a CloudFormation stack.
For information on how to create stacks and check each stack, please refer to the following page

After reviewing the resources in each stack, the following is the information on the main resources created in this case.

  • Instance ID: i-08665eb4768e384ec
  • Public DNS hostname for the instance: ec2-35-74-46-156.ap-northeast-1.compute.amazonaws.com
  • Domain name of CloudFront distribution: https://d3julxofsz7qa5.cloudfront.net

The AWS Management Console also checks the status of resource creation.
First, check the status of the EC2 instance.

The public DNS hostname of the EC2 instance is enabled.

You can see that the EIP has been assigned and that the public DNS hostname has been activated.

Next, check CloudFront.

A domain name is assigned to the CloudFront distribution.

You can see the domain name assigned to CloudFront.

An EC2 instance is registered as the origin of CloudFront.

An EC2 instance is set as the distribution origin.

An EC2 instance is registered as the default CloudFront behavior.

An EC2 instance is specified as the default path pattern.

Behavior check 1: Direct access to the EC2 instance

We are ready to go.
First, access the EC2 instance directly.

Direct access to EC 2 instances.

A response is returned from the instance.

Check the behavior at the time of the HTTP request.

Result of accessing the EC 2 instance directly.

If you access the public DNS hostname of the instance, you will see that traffic is flowing toward the instance’s EIP.

Behavior check 2: Accessing an EC2 instance via CloudFront

Finally, access CloudFront.

Access to EC 2 instances via CloudFront.

Here, too, a response is returned from the instance.

We will also check the behavior of HTTP requests.

Result 1 of accessing an EC2 instance via CloudFront.

When accessing CloudFront, we see that it is accessed via an edge location.
Looking at the cache item, we see “Miss front cloudfront”. This means that the content was not cached because it was accessed for the first time.

Access via CloudFront again.

Result 2 of accessing an EC2 instance via CloudFront.

After the second access, you will see “Hit front cloudfront”.
This means that the content cached in CloudFront is returned in response to the HTTP request.
In other words, the EC2 instance, which is the origin server, will not receive the request, which can be expected to improve server performance.

Summary

We have confirmed a configuration in which CloudFront is placed in front of the EC2 instance.

タイトルとURLをコピーしました