The distribution lets you set many things, but the essentials are that it points to an origin and is enabled. It also needs the aliases (Alternate domain names) it should answer for, configured as domain names for the distribution.

Default root object is the object that CloudFront returns when a user requests the root URL. If you host a static website, this will probably be index.html.

As part of the cache behaviour definition, you should also specify where the content should be available (Price Class) and add a CloudFront restriction.

Example

ordered_cache_behavior {
  path_pattern           = "*"                  # applies to every request path
  target_origin_id       = "my-origin"          # must match an origin_id declared on the distribution
  viewer_protocol_policy = "redirect-to-https"  # plain HTTP viewers get a 301 to HTTPS
  allowed_methods        = ["GET", "HEAD"]
  cached_methods         = ["GET", "HEAD"]
  min_ttl                = 0
  default_ttl            = 3600
  max_ttl                = 86400
  forwarded_values {
    query_string = false   # query strings are neither forwarded nor part of the cache key
    cookies {
      forward = "none"     # cookies are dropped before the request reaches the origin
    }
  }
}

forwarded_values

Allows you to ignore query strings and cookies when forwarding requests to the origin and to leave them out of the cache key. This is ideal when static content does not depend on them in viewer requests.

allowed_methods

Allowed methods controls which HTTP methods CloudFront accepts from viewers and forwards to the origin.

cached_methods

Cached methods controls which of the allowed methods should have their responses cached.

viewer_protocol_policy

Controls the protocol that viewers can use to communicate with CloudFront.

  • allow-all: Viewers can use both HTTP and HTTPS protocols. CloudFront does not redirect HTTP requests to HTTPS.
  • redirect-to-https: Viewers can use both HTTP and HTTPS protocols. CloudFront automatically redirects HTTP requests to HTTPS requests. CloudFront returns HTTP status code 301 (Moved Permanently) along with the new HTTPS URL.
  • https-only: Viewers can use only the HTTPS protocol. CloudFront returns HTTP status code 403 (Forbidden) for HTTP requests.

viewer_certificate

  • cloudfront_default_certificate: A boolean value that indicates whether to use the CloudFront default certificate. This option is valid only if you’re using the CloudFront domain name for your distribution, such as xxxxxxx.cloudfront.net. If you’re using your own domain name, such as example.com, you must specify one of the following options instead: acm_certificate_arn or iam_certificate_id.
  • acm_certificate_arn: The Amazon Resource Name (ARN) of the AWS Certificate Manager (ACM) certificate that you want to use for your distribution. This option is valid only if you’re using your own domain name and you have requested or imported a certificate using ACM. You must also specify a value for minimum_protocol_version and ssl_support_method.
  • iam_certificate_id: The ID of the AWS Identity and Access Management (IAM) certificate that you want to use for your distribution. This option is valid only if you’re using your own domain name and you have uploaded a certificate using IAM.

Compression

CloudFront can serve content compressed with gzip or Brotli. Brotli produces smaller compressed files, which improves UX because users receive files sooner.

resource "aws_cloudfront_cache_policy" "example" {
  name = "example-policy"
  (...)
    # These two flags belong inside the parameters_in_cache_key_and_forwarded_to_origin block
    enable_accept_encoding_brotli = true # This enables brotli compression
    enable_accept_encoding_gzip   = true # This enables gzip compression
  }
}
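The fragments above only make sense inside a full distribution. Here is an added example (not from the original post) that ties them together: origin, default root object, an HTTPS-only-by-redirect cache behaviour with the compression policy attached, a custom certificate with a TLS floor, and a restrictions block. The referenced aws_s3_bucket.site, aws_cloudfront_origin_access_control.site, aws_acm_certificate.site resources and the www.example.com alias are assumptions.

```hcl
resource "aws_cloudfront_distribution" "site" {
  enabled             = true
  aliases             = ["www.example.com"]  # placeholder alternate domain name
  default_root_object = "index.html"
  price_class         = "PriceClass_100"     # edge locations in North America and Europe only

  origin {
    # Assumed S3 bucket; the regional domain name avoids redirects during DNS propagation
    domain_name = aws_s3_bucket.site.bucket_regional_domain_name
    origin_id   = "my-origin"
    # Assumed origin access control so the bucket can stay private and only CloudFront reads it
    origin_access_control_id = aws_cloudfront_origin_access_control.site.id
  }

  default_cache_behavior {
    target_origin_id       = "my-origin"
    viewer_protocol_policy = "redirect-to-https"  # or "https-only" to refuse plain HTTP outright
    allowed_methods        = ["GET", "HEAD"]      # static site: no write methods reach the origin
    cached_methods         = ["GET", "HEAD"]
    # compress must be on for the brotli/gzip flags in the cache policy to take effect
    compress        = true
    cache_policy_id = aws_cloudfront_cache_policy.example.id
    # forwarded_values and the ttl arguments are omitted: they conflict with cache_policy_id
  }

  viewer_certificate {
    # Assumed ACM certificate; CloudFront requires it to live in us-east-1
    acm_certificate_arn      = aws_acm_certificate.site.arn
    ssl_support_method       = "sni-only"
    minimum_protocol_version = "TLSv1.2_2021"  # rejects TLS 1.0/1.1 handshakes from viewers
  }

  restrictions {
    geo_restriction {
      restriction_type = "none"  # set to "whitelist"/"blacklist" with locations to geo-fence
    }
  }
}
```

Run `terraform validate` after adding this; it will catch a cache behaviour that mixes cache_policy_id with forwarded_values or a certificate that lacks ssl_support_method.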