CloudFront: edge caching and distribution
CloudFront is AWS's Content Delivery Network. You configure a distribution with one or more origins (where the original content lives: an S3 bucket, an ALB, an EC2 instance, or any reachable HTTP server) and cache behaviors that define how requests matching each URL path pattern are handled; the default behavior (path pattern *) catches anything no other pattern matches. When a viewer requests an object, the request is routed to the edge location with the lowest latency for that viewer. If the object is in that edge's cache and has not expired, it is served from the edge. If not, CloudFront fetches it from the origin, caches it at the edge for as long as the TTL allows, and returns it to the viewer.
A cache behavior controls how long objects stay in the edge cache (minimum, default and maximum TTL, which bound whatever Cache-Control or Expires header the origin sends), which headers, cookies and query strings are included in the cache key and forwarded to the origin, and whether to compress objects automatically. Every distinct value included in the cache key becomes a separate cached copy, so forwarding headers or cookies the response does not actually depend on fragments the cache and lowers the hit ratio. The cache hit ratio is the share of requests served from the edge rather than the origin; a high ratio means lower latency for viewers and less load on the origin. Improve it by setting appropriate TTLs, putting only the headers, cookies and query strings the response depends on into the cache policy, and using a separate origin request policy for values the origin needs but the cache key should not contain.
CloudFront integrates with AWS WAF for web application firewall rules evaluated at the edge before a request reaches the origin; with CloudFront Functions (lightweight JavaScript on viewer request and response events, for header rewrites, redirects and simple token checks) and Lambda@Edge (Node.js or Python on viewer and origin events, run at regional edge caches, for heavier logic such as origin selection); with S3 Origin Access Control (OAC), which lets a bucket stay private and still be served through CloudFront, backed by a bucket policy that grants s3:GetObject to the cloudfront.amazonaws.com service principal with a condition on the distribution's ARN so no other distribution can use the grant; and with AWS Shield Standard, included automatically, for DDoS protection. Signed URLs and signed cookies restrict access to private content: the application signs a policy (at minimum the resource and an expiry; a custom policy can add a start time and a source IP range) with a private key whose public key is registered in a CloudFront key group, and the edge rejects requests whose signature does not verify or whose expiry has passed. Two caveats: signing does not make the origin private (that is what OAC is for), and a signed URL is a bearer token until it expires, so keep lifetimes short.
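To make the signed-URL mechanism concrete, here is an added Go example, not AWS's code (the AWS SDKs ship equivalent signers), that mints a canned-policy signed URL and then performs the same verification the edge does. The domain d111111abcdef8.cloudfront.net is the placeholder used in the AWS documentation, the key ID KPLACEHOLDER01 is invented, the key pair is generated on the fly, and only the canned policy (resource plus expiry) is covered, not a custom policy with start time or IP range.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"encoding/base64"
	"errors"
	"fmt"
	"strconv"
	"strings"
	"time"
)

// CloudFront's URL-safe base64: +, = and / become -, _ and ~ (and back).
var toSafe = strings.NewReplacer("+", "-", "=", "_", "/", "~")
var fromSafe = strings.NewReplacer("-", "+", "_", "=", "~", "/")

// cannedPolicy renders the fixed-form policy behind a canned signed URL (one
// resource, one DateLessThan, no whitespace, keys in this order); the edge
// rebuilds this exact string from the URL and its Expires parameter.
func cannedPolicy(resource string, expires int64) []byte {
	return []byte(fmt.Sprintf(
		`{"Statement":[{"Resource":"%s","Condition":{"DateLessThan":{"AWS:EpochTime":%d}}}]}`,
		resource, expires))
}

// signURL mints a URL for resource that stops working at expires. The signature
// is RSA-SHA1 (PKCS#1 v1.5) over the canned policy, as CloudFront specifies;
// keyPairID is the ID CloudFront assigned to the matching public key.
func signURL(resource string, expires time.Time, priv *rsa.PrivateKey, keyPairID string) (string, error) {
	exp := expires.Unix()
	digest := sha1.Sum(cannedPolicy(resource, exp))
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA1, digest[:])
	if err != nil {
		return "", err
	}
	sep := "?"
	if strings.Contains(resource, "?") {
		sep = "&"
	}
	return fmt.Sprintf("%s%sExpires=%d&Signature=%s&Key-Pair-Id=%s", resource, sep, exp,
		toSafe.Replace(base64.StdEncoding.EncodeToString(sig)), keyPairID), nil
}

// verifySignedURL is the check the edge performs. signURL appends the signing
// parameters last, so everything before "Expires=" is the resource; the policy
// is rebuilt, the signature checked under the key for Key-Pair-Id, and only
// then is the expiry enforced. A tampered path or Expires fails the signature.
func verifySignedURL(signed string, pub *rsa.PublicKey, keyPairID string, now time.Time) error {
	i := strings.LastIndex(signed, "Expires=")
	if i < 1 || (signed[i-1] != '?' && signed[i-1] != '&') {
		return errors.New("missing Expires parameter")
	}
	params := map[string]string{}
	for _, kv := range strings.Split(signed[i:], "&") {
		k, v, _ := strings.Cut(kv, "=")
		params[k] = v
	}
	if params["Key-Pair-Id"] != keyPairID {
		return errors.New("unknown Key-Pair-Id")
	}
	exp, err := strconv.ParseInt(params["Expires"], 10, 64)
	if err != nil {
		return fmt.Errorf("bad Expires: %w", err)
	}
	sig, err := base64.StdEncoding.DecodeString(fromSafe.Replace(params["Signature"]))
	if err != nil {
		return fmt.Errorf("bad Signature encoding: %w", err)
	}
	digest := sha1.Sum(cannedPolicy(signed[:i-1], exp))
	if rsa.VerifyPKCS1v15(pub, crypto.SHA1, digest[:], sig) != nil {
		return errors.New("signature does not match resource and Expires")
	}
	if !now.Before(time.Unix(exp, 0)) {
		return errors.New("URL has expired")
	}
	return nil
}

// newDemoKey makes a throwaway key; in production only the public half is
// uploaded to CloudFront and the private key never leaves the signing service.
func newDemoKey() *rsa.PrivateKey {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return priv
}

func main() {
	const keyPairID = "KPLACEHOLDER01" // placeholder, not a real CloudFront key ID
	priv := newDemoKey()
	signed, err := signURL("https://d111111abcdef8.cloudfront.net/private/report.pdf",
		time.Now().Add(time.Hour), priv, keyPairID)
	if err != nil {
		panic(err)
	}
	fmt.Println(signed)
	fmt.Println("verify:", verifySignedURL(signed, &priv.PublicKey, keyPairID, time.Now()))
}
```

The verify function is the reason to read the block: it shows that the path and the expiry are both covered by the signature, so a client cannot extend its own access by editing Expires, and that an untouched URL simply stops working once the clock passes the expiry. Cookies work the same way with the three values carried in CloudFront-Expires, CloudFront-Signature and CloudFront-Key-Pair-Id cookies instead of query parameters.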
Route 53 routing policies
Route 53 is AWS's authoritative DNS service. It resolves domain names to endpoints and supports routing decisions based on rules you define. Simple routing returns the record's values; if a record has several, all of them are returned in random order and the client picks one, and simple records cannot be health-checked. Weighted routing splits traffic between endpoints in proportion to the weight (0 to 255) assigned to each record, so weights of 90 and 10 give a 90/10 split and a weight of 0 takes a record out of rotation (unless every record is 0, in which case traffic is split equally). This is the mechanism for blue-green deployments and canary releases.
Latency-based routing sends users to the AWS Region with the lowest network latency from their resolver's location, using latency measurements Route 53 collects itself. This is not the same as the geographically closest Region: latency depends on network paths and conditions, not map distance. Failover routing directs traffic to a primary endpoint and falls back to a secondary when Route 53 health checks report the primary unhealthy; because resolvers cache answers, the switch only takes effect once the record's TTL expires, so failover records should carry short TTLs. Geolocation routing sends users to specific endpoints based on the continent, country or US state their query appears to come from; always create a default record, otherwise queries from unmatched locations get no answer at all. Geoproximity routing (available only through Traffic Flow) routes on geographic distance between the user and the resource, with a configurable bias that expands or shrinks the area from which traffic is sent to each resource.
Health checks are Route 53's mechanism for detecting endpoint failures. A check can probe an endpoint directly over HTTP, HTTPS or TCP (from health checkers in several AWS Regions, so the endpoint's security group or firewall must allow the Route 53 health-checker IP ranges), aggregate the status of other checks (a calculated health check), or follow the state of a CloudWatch alarm, which is the only option for endpoints the internet cannot reach, such as instances in a private subnet. When a health check fails, Route 53 stops returning that record if the routing policy supports health checks (failover, weighted, latency, geolocation and multivalue do; simple does not). Multivalue answer routing returns up to eight healthy records per query, which gives a basic DNS-level form of load balancing and fault tolerance, but it is not a replacement for a load balancer: clients still choose among the returned addresses themselves.
How to choose the correct answer
CloudFront cache hit ratio improvement: raise TTLs, stop forwarding headers, cookies and query strings the response does not depend on, and put only those it does depend on into the cache policy (use an origin request policy for values the origin needs but the cache key should not include).
Restrict S3 content to CloudFront only: Origin Access Control (OAC), Block Public Access on the bucket, and a bucket policy granting s3:GetObject to the cloudfront.amazonaws.com service principal with an AWS:SourceArn condition naming the distribution. OAC is the current mechanism; Origin Access Identity (OAI) is the legacy one.
Route 53 weighted: traffic split in proportion to per-record weights (relative weights, not literal percentages). Use for canary releases and A/B testing.
Route 53 latency-based: lowest round-trip time to an AWS Region. Use for global applications.
Route 53 failover: primary and secondary endpoints with health checks. Use for active-passive failover.
Route 53 geolocation: route by user country or continent. Useful for data residency requirements.
Alias records: Route 53-specific record type that resolves to AWS resources (ALB, CloudFront, S3 website endpoint, or another record in the same hosted zone) without a fixed IP address. Unlike a CNAME, an alias can be used at the zone apex, and queries for alias records that point at AWS resources are not charged.
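The OAC item above is where most "private bucket" setups go wrong in practice, so here is an added Go example, not AWS tooling, that audits a bucket policy for the two mistakes: a public principal left in place, and a cloudfront.amazonaws.com grant without the AWS:SourceArn condition, which any OAC-enabled distribution in any AWS account could use. The weak policy is constructed for this example; the bucket name, account ID and distribution ID are placeholders in the style of the AWS documentation. The audit only looks at the StringEquals/AWS:SourceArn condition for scoping and does not inspect the Action element.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// statement is the subset of a bucket-policy statement the audit reads; values
// that may be a string or a list stay raw and go through asList/principals.
type statement struct {
	Sid       string
	Effect    string
	Principal json.RawMessage
	Condition map[string]map[string]json.RawMessage
}

// asList accepts a JSON string or array of strings and returns a slice.
func asList(raw json.RawMessage) []string {
	var one string
	if json.Unmarshal(raw, &one) == nil {
		return []string{one}
	}
	var many []string
	_ = json.Unmarshal(raw, &many)
	return many
}

// principals flattens Principal into "kind:value" pairs: "*:*" for a bare
// wildcard, "AWS:*" for any account, "Service:cloudfront.amazonaws.com" for OAC.
func principals(raw json.RawMessage) []string {
	var star string
	if json.Unmarshal(raw, &star) == nil {
		return []string{"*:" + star}
	}
	var byKind map[string]json.RawMessage
	_ = json.Unmarshal(raw, &byKind)
	var out []string
	for kind, vals := range byKind {
		for _, v := range asList(vals) {
			out = append(out, kind+":"+v)
		}
	}
	return out
}

// auditBucketPolicy returns one finding per Allow statement that would let
// something other than distributionARN into the bucket: a public principal, or
// the CloudFront service principal either unscoped (usable by any OAC
// distribution in any account) or scoped to a different distribution.
func auditBucketPolicy(policy []byte, distributionARN string) ([]string, error) {
	var doc struct{ Statement json.RawMessage }
	if err := json.Unmarshal(policy, &doc); err != nil {
		return nil, err
	}
	var stmts []statement
	var single statement
	if json.Unmarshal(doc.Statement, &single) == nil {
		stmts = []statement{single}
	} else if err := json.Unmarshal(doc.Statement, &stmts); err != nil {
		return nil, fmt.Errorf("Statement is neither object nor array: %w", err)
	}
	var findings []string
	for _, s := range stmts {
		if s.Effect != "Allow" {
			continue
		}
		for _, p := range principals(s.Principal) {
			if p == "*:*" || p == "AWS:*" {
				findings = append(findings, s.Sid+": public access via principal "+p)
			} else if p == "Service:cloudfront.amazonaws.com" {
				arns := asList(s.Condition["StringEquals"]["AWS:SourceArn"])
				if len(arns) == 0 {
					findings = append(findings, s.Sid+": CloudFront principal not scoped by AWS:SourceArn")
				} else if arns[0] != distributionARN {
					findings = append(findings, s.Sid+": scoped to another distribution "+arns[0])
				}
			}
		}
	}
	return findings, nil
}

// weakPolicy is a constructed example of the usual mistake: objects made public
// "so CloudFront can fetch them" plus an unscoped OAC grant. Placeholder names.
const weakPolicy = `{"Version":"2012-10-17","Statement":[
 {"Sid":"PublicRead","Effect":"Allow","Principal":"*","Action":"s3:GetObject","Resource":"arn:aws:s3:::amzn-s3-demo-bucket/*"},
 {"Sid":"CloudFrontUnscoped","Effect":"Allow","Principal":{"Service":"cloudfront.amazonaws.com"},"Action":"s3:GetObject","Resource":"arn:aws:s3:::amzn-s3-demo-bucket/*"}]}`

// oacPolicy renders the bucket policy AWS documents for OAC: read-only, to the
// CloudFront service principal, only for requests from this one distribution.
func oacPolicy(bucket, distributionARN string) string {
	return fmt.Sprintf(`{"Version":"2012-10-17","Statement":{"Sid":"AllowCloudFrontServicePrincipalReadOnly",
 "Effect":"Allow","Principal":{"Service":"cloudfront.amazonaws.com"},"Action":"s3:GetObject",
 "Resource":"arn:aws:s3:::%s/*","Condition":{"StringEquals":{"AWS:SourceArn":"%s"}}}}`, bucket, distributionARN)
}

func main() {
	dist := "arn:aws:cloudfront::111122223333:distribution/EDFDVBD6EXAMPLE" // placeholder
	fmt.Println(auditBucketPolicy([]byte(weakPolicy), dist))
	fmt.Println(auditBucketPolicy([]byte(oacPolicy("amzn-s3-demo-bucket", dist)), dist))
}
```

Run against the weak policy it reports both statements; against the policy oacPolicy renders it reports nothing. The same policy document can be fetched with aws s3api get-bucket-policy and fed to the audit, and the Block Public Access setting should be checked alongside it, since the bucket policy is only half of the OAC recipe.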