How do I troubleshoot and reduce increased latency from CloudFront?

5 minute read

I'm seeing increased latency in responses from Amazon CloudFront. How can I identify the cause and reduce latency?

Short description

To troubleshoot latency from CloudFront, first identify which of the following events are contributing to the latency:

  • The time taken for requests to go between the Client and the CloudFront edge locations. This includes the Domain Name System (DNS) lookup process and TCP and SSL/TLS negotiations.
  • The time taken for requests to go between CloudFront and the origin. This includes the origin DNS lookup process, TCP and SSL/TLS negotiations with the origin, and time taken by the origin to process and respond with an object.

Then, follow the troubleshooting steps for the events that are causing the most latency.


Identify events causing latency from CloudFront:

To identify which events are causing latency from CloudFront, do one of the following:

  • Run the following cURL command:
curl -w "DNS_resolution: %{time_namelookup}| TCP_negotiation_time: %{time_connect}| SSL_negotiation_time: %{time_appconnect}| TTFB: %{time_starttransfer}| Total time: %{time_total} \n" -o /dev/null -vsL

Note: Replace with your CloudFront domain name or alternate domain name (CNAME) and URL path.

Based on the time-taken for each event or request, see the related Resolution section in this article.

If you observed latency in the past, then check the fields time-taken and time-to-first-byte in the CloudFront access logs. CloudFront access logs don't log the time taken by the client for the DNS lookup process and TCP and SSL/TLS negotiations

Reducing latency in DNS resolution

  • Increase DNS caching time in the client-side DNS.
  • Increase the Time to Live (TTL) of the cache in the local DNS server.
  • Increase the TTL on the DNS record in your DNS registrar/provider.
  • If the resolver DNS server from your internet service provider is causing latency, then consider using public DNS servers.

Reducing latency in TCP and SSL/TLS - Negotiation time

  • Check your local network bandwidth and internet bandwidth.
  • Check if there are any network disruption in your internet server provider or router.
  • Optimize your local network performance through your internet service provider or network routes.
  • Confirm you're using the correct DNS resolver that allows your web browser to find the closest and correct POP location.
  • To improve HTTPS site performance, keep your certification chain short.
  • Latency can be caused by a firewall, proxy, or local router. To determine which of these is causing latency, run the following MTR command from your system. See Diagnosing Network Issues with MTR for more information.
mtr -rw --no-dns

Note: Replace with your domain name.

Reducing latency in Time Taken for First Byte (TTFB) and Total Time Taken (TTL)

If CloudFront returns "X-Cache:Hit from cloudfront"

CloudFront returns "X-Cache:Hit from cloudfront" when requests are served from the closest edge location. To reduce latency:

If CloudFront returns "X-Cache:Miss from cloudfront"

If CloudFront returns "X-Cache:Miss from cloudfront" when the request is sent to the origin. To reduce latency:

  • Reduce the Round trip time (RTT) between CloudFront edge location to your origin location. If a request from a CloudFront edge location goes to the nearest origin location, then the RTT is less. However, TTFB is affected if the request is from an edge location geographically distant from the origin. To optimize the RTT, replicate origin server in multiple regions that are geographically closer to your users. Then, set up the DNS of your origin domain name so that it routes the request to origin servers based on latency or geolocation. If you're using Amazon Route 53 as your DNS provider, then see Choosing a routing policy for more information.
  • Turn on CloudFront automatic compression to compress files and reduce download speed. If your file format is not supported by CloudFront Automatic Compression, then pre-compress that file in your origin and serve it with Content-Encoding header.
  • Check the latency from the origin to CloudFront by enabling the Origin latency metric. Note: Standard CloudWatch rates apply.
  • Turn on CloudFront Origin Shield.
  • Add Response headers policies with Server-Timing header feature turned on. This feature can help you understand the events that are contributing to the latency between CloudFront and the origin.

Related information

How do I reduce the latency of slow responses from CloudFront?

How can I troubleshoot latency in my static website that's hosted on Amazon S3 and served through CloudFront?

What information should I give AWS Support for diagnosing CloudFront web distribution latency issues?

How do I determine what's causing request latency for my edge-optimized API endpoint in API Gateway?

AWS OFFICIALUpdated 2 years ago