What are the benefits of using Amazon CloudFront together with Amazon API Gateway?
I want to know the benefits of using an Amazon CloudFront distribution in front of an API Gateway endpoint. In terms of performance, I understand that with API Gateway [edge-optimized API endpoints][1], you can terminate the API calls at the nearest CloudFront Point of Presence. Does API caching cache content at the Point of Presence or only at regional caches? Is caching a reason for using CloudFront together with API Gateway. Also, does using CloudFront in front of API Gateway provide benefits in terms of costs? [1]: https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-api-endpoint-types.html#api-gateway-api-endpoint-types-edge-optimized
- 新しい順
- 投票が多い順
- コメントが多い順
The main reason to deploy a CloudFront distribution in front of an API Gateway endpoint is to reduce latency. The latency is reduced because of the following reasons:
- The clients connect to a nearby Point of Presence. From the Point of Presence, the traffic traverses AWS' managed network, which might have a better performance compared to the internet.
- The HTTPS handshake negotiation happens against the local Point of Presence. This reduces the round-trip time required for the handshake.
Another reason to deploy CloudFront along with API Gateway is increased security capabilities. Currently, AWS Shield Advanced doesn't support enabling protection on API Gateways, but supports CloudFront. Therefore, it's a best practice to place the CloudFront Distribution in front of the API Gateway and then enable protection on that distribution.
Caching definitely could be a reason to use CloudFront with API Gateway. API Gateway's built-in caching mechanism is fast and easy and it works with API Gateway's authentication, but it has some serious limitations:
- It's only available for older REST APIs.
- It's priced by the hour.
- Its error handling behaviour has an unexpected surprise - if API Gateway returns an error, either from your backing service or from API Gateway itself, it will cache the error. Amazon's recommended way to un-poison the cache is to get the client to make a follow-up request with a specific header - probably not something you'll want to do.
If your service is returning cacheable results, CloudFront can return a cache hit right from the nearest edge location (point of presence). The main downside of CloudFront is that it doesn't have built-in support for auth/auth. If you want to authenticate requests and be able to return cached results, you're going to be building, deploying and paying for Lambda@Edge functions.
And what about CloudFront distribution in front of HTTP API Gateway. Does it provide the same benefits in terms of performance? As far as I'm concerned this type of API Gateway uses Regional API endpoints. I wonder if I would benefit from a CloudFront distribution pointing to a HTTP API Gateway in a single region?
関連するコンテンツ
AWS公式更新しました 2年前- AWS公式更新しました 1年前
Does the point of presence provided by an edge-optimized API endpoint have the same advantages as a CloudFront distribution?