undefined | Better HN

0 pointsmlhpdx5mo ago0 comments

Yeah, it's not clear how resilient CloudFront is but it seems good. Since content is copied to the points of presence and cached it's the lightly used stuff that can break (we don't do writes through CloudFront, which in IMHO is an anti-pattern). We setup multiple "origins" for the content so hopefully that provides some resiliency -- not sure if it contributed positively in this case since CF is such a black box. I might setup some metadata for the different origins so we can tell which is in use.

0 comments

x3n0ph3n35mo ago

CloudFront isn't just for CDN, but also for DDoS protection. Writes through CloudFront are not an anti-pattern.

mlhpdxOP5mo ago

There is always more than a way to do things with AWS. But CloudFront Origin groups can’t use HTTP POST. They’re limited to read requests. Without origin groups you opt-out of some resiliency. IMHO that’s a bad trade-off. To each their own.

x3n0ph3n35mo ago

WAF is cheaper on CloudFront and so is traffic (compared to the ALB). It keeps bad traffic near the sender rather than near the recpient.

j / k navigate · click thread line to collapse

0 pointsmlhpdx5mo ago0 comments

0 comments

x3n0ph3n35mo ago

CloudFront isn't just for CDN, but also for DDoS protection. Writes through CloudFront are not an anti-pattern.

mlhpdxOP5mo ago

x3n0ph3n35mo ago

WAF is cheaper on CloudFront and so is traffic (compared to the ALB). It keeps bad traffic near the sender rather than near the recpient.

j / k navigate · click thread line to collapse