- Newest
- Most votes
- Most comments
In short: If you disable caching you lose very little protection. Perhaps a tiny bit but not that much.
Regardless of whether caching is enabled or not, CloudFront terminates the request from the browser and then performs a new request towards the origin - assuming all things go well: WAF; Lambda@Edge; CloudFront Functions; etc. So if there is some sort of mailicious activity or DDoS event happening CloudFront will see that traffic first and you can choose to (say) block it using WAF or have the other mechanisms in CloudFront (such as SYN flood mitigation) protect you.
Caching helps here because it means that requests that are cached don't hit your origin. In a "high load" event this can reduce the amount of traffic that is sent to your application which is (in general) always a good thing. With caching disabled, all valid requests will be handled by the origin - increasing load, cost and delays to the original requester. Of course, that's up to you but if you can cache things in CloudFront it is well worth it.
Relevant content
- Accepted Answerasked 2 years ago
- asked 2 years ago
- AWS OFFICIALUpdated 6 months ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 6 months ago
- AWS OFFICIALUpdated 10 months ago