I sat down with the Amazon CloudFront team last month and they told me about three important new features that will allow you to build applications that are better and faster, with the potential to save you some money as well: cookie support, price classes, and enhanced logging. Let's take a look at each one in turn.
Cookie Support
You can now customize or personalize the dynamic content that you deliver to your users. You can now tell CloudFront to forward some or all of the HTTP cookies that it receives as part of a request to your custom origin server. Once you have done this for a particular distribution, CloudFront will use the forwarded cookie values as part of the key that it uses to identify a unique object in its cache.
Let's say that you use a cookie called USERID to identify a particular user to your application and that your application uses this cookie to customize the images that it delivers to the user. After you tell CloudFront to pass the USERID cookie to your origin server (possibly running on an EC2 instance), the origin server can inspect subsequent requests and customize its responses accordingly. For example, it could watermark all returned images with the user's name ("Customized for Jeff"). These customized images would be cached by CloudFront. This will speed access and will reduce the load on the origin server.
You can manage your distributions and select which cookies are to be forwarded using the AWS Management Console.
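The effect of the forwarding choice on the cache key can be seen in a small model. This is an added example, not code from the original post or from CloudFront: `EdgeCache`, `origin`, `replay` and the `_track` cookie are hypothetical names, and the requests are constructed.

```python
from http.cookies import SimpleCookie

class EdgeCache:
    """Toy edge cache; `forward` is "none", "all", or a set of cookie names."""

    def __init__(self, origin, forward):
        self.origin, self.forward = origin, forward
        self.store, self.origin_hits = {}, 0

    def _forwarded(self, cookie_header):
        jar = SimpleCookie()
        jar.load(cookie_header or "")
        cookies = {name: morsel.value for name, morsel in jar.items()}
        if self.forward == "none":
            return {}
        if self.forward == "all":
            return cookies
        return {n: v for n, v in cookies.items() if n in self.forward}

    def get(self, path, cookie_header=""):
        fwd = self._forwarded(cookie_header)
        # Forwarded cookie values become part of the cache key.
        key = (path, tuple(sorted(fwd.items())))
        if key not in self.store:
            self.origin_hits += 1          # cache miss: the origin is asked
            self.store[key] = self.origin(path, fwd)
        return self.store[key]

def origin(path, cookies):
    # Hypothetical origin: watermarks the object for the USERID it receives.
    return f"{path} [Customized for {cookies.get('USERID', 'anonymous')}]"

# Constructed requests: two users, each sending a per-request tracking cookie.
REQUESTS = [
    ("/logo.png", "USERID=jeff; _track=a1"),
    ("/logo.png", "USERID=jeff; _track=a2"),
    ("/logo.png", "USERID=ana; _track=b1"),
    ("/logo.png", "USERID=ana; _track=b2"),
]

def replay(forward):
    """Return (origin fetches, response bodies) for one forwarding policy."""
    cache = EdgeCache(origin, forward)
    bodies = [cache.get(path, header) for path, header in REQUESTS]
    return cache.origin_hits, bodies
```

With only `USERID` forwarded, the second request for each user is served from the cache and never reaches the origin, so the cookie value alone selects which customized object is returned. Forwarding every cookie makes each request a distinct cache entry.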
Price Classes
By default, CloudFront minimizes latency by delivering content from its entire global network of edge locations (AWS infrastructure map). In cost-sensitive situations you may want to trade latency for cost, opting to incur higher latency in exchange for lower data transfer and request costs. You can now do this by using CloudFront's new Price Classes feature. Using this feature, you can exclude the most expensive CloudFront locations from your distributions by choosing a predefined group of locations known as a Price Class. CloudFront will then deliver your content using the lowest latency edge location within the locations included in the selected price class. The price classes are defined as follows:
| Price Class All (Default) | Price Class 200 | Price Class 100 |
| --- | --- | --- |
| United States | United States | United States |
| Europe | Europe | Europe |
| Hong Kong & Singapore | Hong Kong & Singapore | |
| Japan | Japan | |
| South America | | |
| Australia | | |
Read about choosing price classes in the CloudFront documentation.
Enhanced Logging (Effective September 12, 2012)
We have added three new fields to the CloudFront access logs:
- The result type of each HTTP request (cache hit, cache miss, error, and so forth).
- The value of the X-Amz-Cf-Id header that uniquely identifies the request in encrypted form (the AWS support team can use this information to troubleshoot and debug issues).
- The cookie header (if any) of the request. Logging of this field is optional.
To learn more, read about the CloudFront log file format in the documentation.
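Because the cookie header can now land in the access logs, a log consumer may want to count result types while keeping cookie values out of downstream tooling. The following is an added example, not code from the original post or from AWS: the sample header and rows are constructed, the cookie field is assumed to be percent-encoded, and `parse_log`, `redact_cookie` and `summarize` are hypothetical names.

```python
from collections import Counter
from urllib.parse import unquote

def _row(status, cookie, result, req_id):
    # Constructed request line; only the fields of interest vary.
    return "\t".join(["2012-09-12", "10:00:01", "EDGE1", "5120", "192.0.2.10",
                      "GET", "cdn.example.com", "/img/logo.png", status, "-",
                      "ExampleAgent/1.0", "-", cookie, result, req_id])

# Constructed sample log (tab-separated, with a "#Fields:" header line).
SAMPLE_LOG = "\n".join([
    "#Version: 1.0",
    "#Fields: date time x-edge-location sc-bytes c-ip cs-method cs(Host) "
    "cs-uri-stem sc-status cs(Referer) cs(User-Agent) cs-uri-query "
    "cs(Cookie) x-edge-result-type x-edge-request-id",
    _row("200", "USERID=jeff;%20SESSION=s3cr3t", "Miss", "constructed-id-1"),
    _row("200", "USERID=jeff;%20SESSION=s3cr3t", "Hit", "constructed-id-2"),
    _row("403", "-", "Error", "constructed-id-3"),
])

def parse_log(text):
    """Return one dict per request, keyed by the names in the #Fields header."""
    fields, rows = [], []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split(":", 1)[1].split()
        elif line and not line.startswith("#"):
            rows.append(dict(zip(fields, line.split("\t"))))
    return rows

def redact_cookie(field, keep=frozenset()):
    """Keep cookie names; drop values unless the name is explicitly allowed."""
    if field in ("-", ""):
        return field                      # "-" marks a request with no cookie
    out = []
    for pair in unquote(field).split(";"):
        name, _, value = pair.strip().partition("=")
        out.append(f"{name}={value if name in keep else 'REDACTED'}")
    return "; ".join(out)

def summarize(text, keep=frozenset()):
    """Return (result-type counts, rows with the cookie column redacted)."""
    rows = parse_log(text)
    for r in rows:
        r["cs(Cookie)"] = redact_cookie(r.get("cs(Cookie)", "-"), keep)
    return Counter(r["x-edge-result-type"] for r in rows), rows
```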
Application Support
Some of our solution providers are already making good use of these new features! Here are a couple of examples:
Qloudstat provides analytics and monitoring using CloudFront's access logs. As you can see from the image below, Qloudstat is already able to process the new log file format. It can produce analytics by result type and cookies in addition to the existing dimensions in the access logs.
The images below show you how to use the new CloudFront features with Bucket Explorer. You can select a distribution type:

You can adjust general settings for the distribution:

You can configure the origin for the distribution:

You can configure cache behavior:

And, finally, you can configure logging:

I know from past experience that you'll start using these new features right away. Leave me a comment and let me know what you think!
-- Jeff;





Jeff, our web application uses cookies to track the session state of our users' logged-in session. We serve static content (images/flash) from CloudFront (S3 origin) that we want to protect from users that are not currently logged in to our application. Will the new cookie feature (session cookie possibly sent to our EC2 instances from CF?) allow us to deny requests for invalid cookies (users not logged in)?
Posted by: Angelo | September 06, 2012 at 06:30 AM
Angelo: Maybe look at generating signed S3 URLs for logged-in users (for content whose S3 permissions aren't public-read):
http://s3.amazonaws.com/doc/s3-developer-guide/RESTAuthentication.html
The new CloudFront feature doesn't change much for S3 origins, only for custom origins pointing to cookie-aware servers.
Posted by: R | September 06, 2012 at 05:56 PM
Are there plans for support for HTTP POST and SSL? Without the first of these, developers have to think about CloudFront at dev time, rather than leaving it a networking consideration - that stinks. Akamai, CDNetworks and all others with support for dynamic content keep it simple - I just CNAME, say what I want cached and what I want to proxy in real-time and voila - no changes to my origin. Amazon makes me think about what URL to POST to vs. GET to, and...you can't run a JSON API over Amazon that uses DELETE/PUT etc. - you're cutting off your user base a bunch by not making transition to CloudFront from a non-accelerated app easy (or even from the established players).
Posted by: Ben | September 28, 2012 at 08:11 PM