Hey Himanshu,
If you’re using AWS Direct Connect with both Public and Private VIFs, and you're accessing a CloudFront distribution from an on-premises location, the traffic will not route over the Direct Connect Public VIF.
Here’s why:
1. CloudFront Edge Locations use public IPs, but they belong to the CloudFront service (*.cloudfront.net domain), not AWS public services that typically use Direct Connect’s Public VIF (like S3, EC2, etc.).
2. The Public VIF connects your on-premises network to AWS services that have public IPs within the AWS global network. However, CloudFront distributions are served from a global network of edge locations, not directly within the AWS backbone, so traffic to CloudFront will still go over the internet rather than through the Public VIF.
3. Even though CloudFront IPs are listed in the AWS CloudFront IP range, they are designed to handle content delivery over the public internet.
So, traffic to CloudFront from your on-premises environment will hop over the internet, not the Public VIF.
For more information, check out this AWS CloudFront documentation: Locations of Edge Servers https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/LocationsOfEdgeServers.html
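
To check the path on a given network, the sketch below (an added example, not part of the original answer) looks up which services in a file shaped like AWS's published ip-ranges.json cover an address, then picks the egress by longest-prefix match against a route table. The prefixes, route table and next-hop labels are constructed placeholders; substitute the real file and the routes your on-premises router has actually learned.

```python
import ipaddress
import json

# Constructed sample in the shape of https://ip-ranges.amazonaws.com/ip-ranges.json
# (documentation address ranges, not real AWS prefixes).
SAMPLE_IP_RANGES = json.loads("""
{"prefixes": [
  {"ip_prefix": "198.51.100.0/24", "region": "GLOBAL", "service": "AMAZON"},
  {"ip_prefix": "198.51.100.0/24", "region": "GLOBAL", "service": "CLOUDFRONT"},
  {"ip_prefix": "203.0.113.0/24", "region": "us-east-1", "service": "S3"}
]}
""")

# Constructed on-premises route table: (prefix, next-hop label).
# The labels are hypothetical names for the three possible exits.
SAMPLE_ROUTES = [
    ("0.0.0.0/0", "internet-uplink"),
    ("203.0.113.0/24", "dx-public-vif"),
    ("10.0.0.0/8", "dx-private-vif"),
]


def services_for(ip, ip_ranges):
    """Return the sorted AWS service tags whose prefixes contain ip."""
    addr = ipaddress.ip_address(ip)
    return sorted({
        p["service"]
        for p in ip_ranges["prefixes"]
        if addr in ipaddress.ip_network(p["ip_prefix"])
    })


def egress_for(ip, routes):
    """Return the next hop chosen by longest-prefix match, or None."""
    addr = ipaddress.ip_address(ip)
    matches = [
        (ipaddress.ip_network(prefix), hop)
        for prefix, hop in routes
        if addr in ipaddress.ip_network(prefix)
    ]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def classify(ip, ip_ranges=SAMPLE_IP_RANGES, routes=SAMPLE_ROUTES):
    """Combine both lookups for one destination address."""
    return {"ip": ip, "services": services_for(ip, ip_ranges),
            "egress": egress_for(ip, routes)}
```

Run `classify()` on the addresses your resolver returns for the distribution's domain name to see which exit each one would take.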