rights reserved.
Example of cross-regional application
Diagram: Users, Edge Locations, Origin Group with Osaka Region (Primary Origin) and Tokyo Region (Secondary Origin), Amazon CloudWatch Synthetics.
Optimizing high availability with CloudFront origin failover (CloudFront origin group)
• You create an origin group with two origins: a primary and a secondary.
• You can choose any combination of the following status codes: 403, 404, 500, 502, 503, or 504. When CloudFront receives a response from the primary origin with one of the status codes that you specify, or cannot connect to the primary origin at all, it fails over to the secondary origin.
• Failover is only attempted for viewer requests that use GET, HEAD, or OPTIONS; other methods are never retried against the secondary origin.
• Origin failover can be combined with Lambda@Edge functions and custom error pages.
AWS Cloud Development Kit (CDK) [DEV PREVIEW]
• Your language
• Just classes and methods
• AutoComplete
• Inline documentation
• Sane defaults
• Reusable classes
Creating a cross-regional stack using AWS CDK
Diagram: the same architecture (Users, Edge Locations, Origin Group with Osaka Region as Primary Origin and Tokyo Region as Secondary Origin, Amazon CloudWatch Synthetics), split into stacks:
• OsakaOriginStack (ap-northeast-3)
• TokyoOriginStack (ap-northeast-1)
• CloudFrontStack (us-east-1)
• SyntheticsStack (us-west-2)
• ParameterStack (ap-northeast-3)
CloudFront-related resources that must be created in US East (N. Virginia), us-east-1
• AWS WAFv2 WebACL: for scope CLOUDFRONT, you must create your WAFv2 resources in the US East (N. Virginia) Region, us-east-1.
  https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafv2-webacl.html#aws-resource-wafv2-webacl-properties
• Lambda@Edge: the Lambda function must be in the US East (N. Virginia) Region, us-east-1.
  https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/edge-functions-restrictions.html#lambda-at-edge-function-restrictions
• The same applies to ACM certificates attached to a distribution: they must be requested or imported in us-east-1, which is why the CloudFrontStack lives there even though the origins are in Osaka and Tokyo.
Sharing the ALB domain name
Diagram: OsakaOriginStack (ap-northeast-3) and TokyoOriginStack (ap-northeast-1) each expose their ALB domain name; CloudFrontStack (us-east-1) needs both to configure the origin group.
Sharing the CloudFront distribution domain name
Diagram: CloudFrontStack (us-east-1) exposes the distribution domain name; SyntheticsStack (us-west-2) needs it so the Amazon CloudWatch Synthetics canary can monitor the application through the edge.
Sharing x-pre-shared-key using AWS Systems Manager Parameter Store
Diagram: ParameterStack (ap-northeast-3) holds the x-pre-shared-key value; OsakaOriginStack (ap-northeast-3), TokyoOriginStack (ap-northeast-1) and CloudFrontStack (us-east-1) all read it, so CloudFront sends the same header value that both origins expect.
Controlling access to content: adding custom headers to origin requests
• Configure your origin to accept only requests that contain the custom header with the expected value.
• ALB listener rules also support HTTP header conditions, so the check can be enforced at the load balancer before traffic reaches your targets.
• Configure CloudFront to add the custom header that the origin expects (CloudFront only sends it on origin requests; it is never visible to viewers).
• Requests that try to bypass CloudFront and reach the origin directly then fail with 403, which keeps WAF, caching and failover logic on the only path to the origin.
• The header value is a shared secret: store it in Parameter Store (SecureString) or Secrets Manager rather than in source, compare it in constant time, and use an HTTPS-only origin protocol policy so it is not sent in plaintext between the edge and the origin.
Diagram: Client → CloudFront Edge (adds custom header) → custom origin server with header restriction; a client attempting direct access to the origin receives 403.
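The following is an added example, not code from the original slides, showing how the origin side of this check can be implemented in Node.js. It uses the x-pre-shared-key header name from the Parameter Store slide; the key value, the port and the server itself are constructed for illustration. The point it adds to the bullets above is the handling of the failure cases: a missing header, a wrong-length value, and a repeated header are all rejected, and the comparison is constant-time so an attacker probing the origin directly cannot recover the key byte by byte.

```typescript
// Added example: origin-side enforcement of the CloudFront custom header.
// Not part of the original presentation. Header name from the slides;
// EXPECTED_KEY is a constructed sample, not a real secret.
import { timingSafeEqual } from "crypto";
import * as http from "http";

// Assumption: a real origin loads this at start-up from SSM Parameter Store
// (SecureString) or Secrets Manager, the same source the CloudFrontStack uses.
const EXPECTED_KEY = "constructed-sample-key-0123456789abcdef";

// Node lowercases incoming header names and may fold repeated headers into an
// array, so the lookup below is on the lowercase name and arrays are rejected.
type OriginHeaders = Record<string, string | string[] | undefined>;

// Constant-time comparison. A length mismatch is rejected, but a dummy
// comparison still runs so the "wrong length" path does not short-circuit.
function keyMatches(presented: string, expected: string): boolean {
  const a = Buffer.from(presented, "utf8");
  const b = Buffer.from(expected, "utf8");
  if (a.length !== b.length) {
    timingSafeEqual(b, b);
    return false;
  }
  return timingSafeEqual(a, b);
}

// Returns the HTTP status the origin should answer with:
// 200 when the request carries the CloudFront-injected header, 403 otherwise.
function authorizeOriginRequest(
  headers: OriginHeaders,
  expected: string = EXPECTED_KEY,
): number {
  const raw = headers["x-pre-shared-key"];
  if (raw === undefined || Array.isArray(raw)) {
    return 403; // missing, or sent more than once (ambiguous -> deny)
  }
  return keyMatches(raw, expected) ? 200 : 403;
}

// Minimal origin. Not started here; call createOriginServer().listen(8080)
// to run it. Everything except the header check is a stand-in for the app.
function createOriginServer(expected: string = EXPECTED_KEY): http.Server {
  return http.createServer((req, res) => {
    const status = authorizeOriginRequest(req.headers as OriginHeaders, expected);
    res.writeHead(status, { "content-type": "text/plain" });
    res.end(status === 200 ? "hello from origin\n" : "forbidden\n");
  });
}
```

In the architecture on these slides the same check belongs in an ALB listener rule (an http-header condition on x-pre-shared-key with a fixed-response 403 default action) so that unauthenticated direct hits never reach the targets; the application-level check above is the second layer for targets that could be reached by another path, and it is the only place where a constant-time comparison is under your control.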
Accessing resources in a different stack using CDK
You can access resources in a different stack, as long as they are in the same account and AWS Region.
https://docs.aws.amazon.com/ja_jp/cdk/latest/guide/resources.html#resource_stack

  const prod = { account: '123456789012', region: 'us-east-1' };
  const stack1 = new StackThatProvidesABucket(app, 'Stack1', { env: prod });
  // stack2 will take a property { bucket: IBucket }
  const stack2 = new StackThatExpectsABucket(app, 'Stack2', { bucket: stack1.bucket, env: prod });
AWS CDK cross-regional cross-stack references are not easy with the native AWS CDK construct library, because the built-in mechanism (CloudFormation exports and Fn::ImportValue) only works within one account and Region.
https://github.com/pahud/cdk-remote-stack
cdk-remote-stack
cdk-remote-stack aims to simplify the cross-regional cross-stack reference to help you easily build cross-regional multi-stack AWS CDK apps. This construct library provides two major constructs:
• RemoteOutputs: cross-regional stack outputs reference.
• RemoteParameters: cross-regional/account SSM parameters reference.
https://github.com/pahud/cdk-remote-stack
RemoteOutputs using cdk-remote-stack
Example of referencing OsakaOriginStack's ALB domain name from N. Virginia's CloudFrontStack.

OsakaOriginStack in ap-northeast-3:

  // Output the ApplicationLoadBalancer DNS name so other stacks can look it up
  new cdk.CfnOutput(this, "AlbDomainName", { value: domainName });

CloudFrontStack in us-east-1:

  import { RemoteOutputs } from 'cdk-remote-stack';

  // Read the outputs of the remote (cross-Region) stack.
  // alwaysUpdate: false keeps the lookup stable across deployments unless the
  // remote outputs change.
  const primaryOriginStackOutputs = new RemoteOutputs(this, 'PrimaryOriginStackOutputs', {
    stack: props.primaryOriginStack,
    alwaysUpdate: false,
  });
  const primaryAlbDomainName = primaryOriginStackOutputs.get('AlbDomainName');

The output is read when CloudFrontStack deploys, so OsakaOriginStack must already be deployed (and the output must exist under exactly that key) for the lookup to succeed.
RemoteParameters using cdk-remote-stack
• Stacks from a single account and different Regions
• Stacks from different accounts and different Regions
• A dedicated account for a centralized parameter store
https://github.com/pahud/cdk-remote-stack
Key Takeaways
• RemoteOutputs and RemoteParameters in cdk-remote-stack make it simple to build cross-regional applications using AWS Edge Networking Services such as CloudFront.
• You can build a cross-regional application with Osaka Region as the primary Region!