Last updated: 2024-10-18
Contents
- Flush Cache(create-invalidation)
- Pricing
- Find the Distribution Id and DomainName
- Cache TTL
- Restrict the server to CloudFront access only
- Cache Header
- Access Logs
Flush Cache(create-invalidation)
Cache behaviors per distribution Default: 25
Permissions needed by the flush user
- ListDistributions
- ListInvalidations
- GetInvalidation
- CreateInvalidation
Look up the CloudFront distribution ID (used as CFID)
aws cloudfront list-distributions
Remove specific files from cache
aws cloudfront create-invalidation \
    --distribution-id "$CFID" \
    --paths "/static/example-file.css" "/static/example-file.jpg"
Remove all content from a specific directory
aws cloudfront create-invalidation \
    --distribution-id "$CFID" \
    --paths "/static/*"
Remove all objects stored in cache
aws cloudfront create-invalidation \
    --distribution-id "$CFID" \
    --paths "/*"
Check Status
aws cloudfront get-invalidation \
    --distribution-id "$CFID" \
    --id "$ID"
The "--id" value comes from the output of "create-invalidation".
Common cached file types
- png, jpg, ico
- mp4
- woff2
- css, js.map
- js, css.map
Pricing
Main billable items
- Data Transfer Out to Internet
- Transfer Out to Origin
Rates
Regional Data Transfer Out to Internet (per GB)
HK USD$0.120 # First 10TB (1TB=HK$960)
Regional Data Transfer Out to Origin (per GB)
HK USD$0.060
- Request Pricing for All HTTP Methods (per 10,000)
HK HTTP/HTTPS USD$0.0090/$0.0120
- Invalidation requests
An invalidation path can be for a single file (such as /images/logo.jpg) or for multiple files (such as /images/*).
A path that includes the * wildcard counts as one path even if it causes CloudFront to invalidate thousands of files.
No additional charge for the first 1,000 paths requested for invalidation each month. (one AWS account)
Thereafter, $0.005 per path requested for invalidation.
- Real-time log requests
Real-time logs are charged based on the number of log lines that are generated.
You pay $0.01 for every 1,000,000 log lines
Price class
Options 1
Use North America, Europe, Asia, Middle East, and Africa
Options 2
Use all edge locations (best performance)
Find the Distribution Id and DomainName
aws cloudfront list-distributions > CF.txt
# .[4] shows the settings of the 5th CloudFront distribution
jq '.DistributionList.Items | .[4]' CF.txt | less
# Show its Id and DomainName
jq '.DistributionList.Items | .[4] | .Id, .DomainName' CF.txt
Cache TTL
Distributions > Behaviors > Your Rules > Object caching
- Use origin cache headers
- Customize
Use origin cache headers
The server adds a "Cache-Control" header to your objects to control how long they stay in the CloudFront cache.
The "origin cache headers" are always used, with either selection.
The only difference is whether you're using the standard 0/86400/31536000 values or Customize values...
Customize = use a custom cache time when the server's response has no Cache-Control header
Origin
origin_read_timeout
The Custom Read timeout, in seconds. By default, AWS enforces a limit of 60. But you can request an increase.
Restrict the server to CloudFront access only
Approaches
1. Secret Header
2. Restrict by IP
Block cached paths from invoking PHP
Apache
https://datahunter.org/node/2987#php_img
Cache Header
Response header:
x-cache: Miss from cloudfront
x-cache: Hit from cloudfront
Access Logs
CloudFront has two kinds of logs:
- standard logs (stored in S3)
- real-time logs
* Not every S3 Region can be used to store logs
standard logs
- Logs are saved every 5 to 10 minutes
Log Fields
- date, time
- x-edge-location [HKG62-C2]
- sc-bytes, c-ip
- cs-method [GET], cs(Host) [ID.cloudfront.net], cs-uri-stem
- sc-status [200]
- cs(Referer), cs(User-Agent), cs-uri-query, cs(Cookie)
- x-edge-result-type [Hit], x-edge-request-id [Base64], x-host-header
- cs-protocol [https], cs-bytes, time-taken
- x-forwarded-for
- ssl-protocol, ssl-cipher, x-edge-response-result-type [Hit]
- cs-protocol-version [HTTP/2.0], fle-status, fle-encrypted-fields, c-port
- time-to-first-byte, x-edge-detailed-result-type [Hit]
- sc-content-type [application/pdf]
- sc-content-len, sc-range-start, sc-range-end
Notes
sc = CloudFront server
sc-bytes:
The total number of bytes that the server sent to the viewer (including headers)
sc-status:
The HTTP status code of the server's response.
x-edge-result-type:
How the server classified the response after the last byte left the server.
WebSocket connections will have a value of Miss for this field
Hit / Miss
RefreshHit - The server found the object in the cache but the object had expired,
so the server contacted the origin to verify that the cache had the latest version of the object.
Error
- client error (the sc-status field is in the 4xx range)
- server error (the sc-status field is in the 5xx range)
x-host-header
alternate domain names (CNAMEs) in your object URLs (e.g. www.example.com)
cs(Host) is always the CloudFront domain name
time-taken
From when the server receives the viewer's request to when the server sends the last byte of the response
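A small parser for the standard-log fields listed above, as an added example that is not part of the original notes: it maps each tab-separated record to the column names in the log's "#Fields:" header, then tallies x-edge-result-type and counts Error responses per c-ip. The sample records, addresses and paths are constructed, and the sample keeps only a reduced set of columns.

```python
from collections import Counter

# Constructed sample, not real traffic. Real standard logs carry every column
# named in their "#Fields:" line; a reduced column set is used here for brevity.
FIELDS = ("date time x-edge-location sc-bytes c-ip cs-method cs-uri-stem "
          "sc-status x-edge-result-type")
ROWS = [
    "2024-10-18 01:00:01 HKG62-C2 5120 192.0.2.10 GET /static/app.css 200 Hit",
    "2024-10-18 01:00:02 HKG62-C2 9911 192.0.2.10 GET /index.html 200 Miss",
    "2024-10-18 01:00:03 HKG62-C2 5120 192.0.2.11 GET /static/app.css 200 Hit",
    "2024-10-18 01:00:04 HKG62-C2 2048 192.0.2.11 GET /static/logo.png 200 RefreshHit",
    "2024-10-18 01:00:05 HKG62-C2 512 198.51.100.7 GET /private/a.pdf 403 Error",
    "2024-10-18 01:00:06 HKG62-C2 512 198.51.100.7 GET /missing.html 404 Error",
    "2024-10-18 01:00:07 HKG62-C2 640 203.0.113.5 GET /index.html 502 Error",
    "2024-10-18 01:00:08 HKG62-C2 5120 192.0.2.10 GET /static/app.css 200 Hit",
]
SAMPLE_LOG = "#Version: 1.0\n#Fields: %s\n%s\n" % (
    FIELDS, "\n".join(r.replace(" ", "\t") for r in ROWS))

def parse_standard_log(text):
    """Yield one dict per record, keyed by the column names in #Fields."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line.startswith("#") or not line.strip():
            continue  # other header lines and blank lines
        elif fields is None:
            raise ValueError("record found before the #Fields header")
        else:
            values = line.split("\t")
            if len(values) == len(fields):  # skip truncated records
                yield dict(zip(fields, values))

def summarize(text):
    """Return (result-type counts, share of plain Hit, Error count per c-ip)."""
    results, errors_by_ip = Counter(), Counter()
    for rec in parse_standard_log(text):
        results[rec["x-edge-result-type"]] += 1
        if rec["x-edge-result-type"] == "Error":
            errors_by_ip[rec["c-ip"]] += 1
    total = sum(results.values())
    return results, (results["Hit"] / total if total else 0.0), errors_by_ip

if __name__ == "__main__":
    counts, hit_share, errors = summarize(SAMPLE_LOG)
    print(dict(counts), round(hit_share, 3), errors.most_common())
```

Because the parser takes its column names from the "#Fields:" line, the same code reads a full standard log file without changes.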