Sunday, June 29, 2025

CloudFront vs. Global Accelerator | Overview & Hands-On.

Here is twtech's comparative overview of Amazon CloudFront and AWS Global Accelerator.

Scope:

  • Intro,
  • The concept: Amazon CloudFront,
  • The concept: AWS Global Accelerator,
  • Key Features,
  • Use Cases,
  • CloudFront vs. Global Accelerator,
  • When to Use Each,
  • Does twtech need both,
  • Project: Hands-on

Intro:

The concept: Amazon CloudFront

A Content Delivery Network (CDN) that caches and distributes static and dynamic web content (like HTML, CSS, JS, images, video) to users around the globe.

Key Features:

  • Caching at edge locations to reduce latency.
  • Supports HTTPS, custom domains, and origin failover.
  • Works closely with S3, EC2, Elastic Load Balancers, and Lambda@Edge.
  • Can serve dynamic content, not just static.

Use Cases:

  • Accelerating websites and APIs.
  • Serving static content from S3.
  • Streaming video.
  • Securing content delivery with signed URLs or headers.

The concept: AWS Global Accelerator

A network layer accelerator that uses AWS’s global network to improve the availability and performance of twtech global applications (does not cache content).

Key Features:

  • Assigns static anycast IP addresses to twtech app.
  • Automatically routes traffic through the optimal AWS edge location to the nearest healthy regional endpoint.
  • Improves performance (especially for TCP/UDP apps) and resiliency.

Use Cases:

  • Improving latency and availability of non-HTTP applications (e.g., gaming, VoIP, financial apps).
  • Routing traffic to nearest application endpoint in multi-region deployments.
  • Replacing Route 53 + Load Balancer setups for global apps.

CloudFront vs. Global Accelerator

Feature              | CloudFront                              | Global Accelerator
---------------------+-----------------------------------------+-----------------------------------------
Type                 | CDN                                     | Network traffic accelerator
Content Caching      | ✅ Yes                                  | ❌ No
Optimized for        | HTTP/HTTPS traffic                      | TCP/UDP traffic
Latency Improvement  | ✅ Yes (via caching)                    | ✅ Yes (via network optimization)
Static IP Addresses  | ❌ No                                   | ✅ Yes (Anycast IPs)
Ideal for            | Websites, APIs, video, static content   | Multiplayer games, VoIP, real-time apps

When to Use Each:

  • ✅ Use CloudFront if serving web content, APIs, or static files and you want to reduce latency with caching.
  • ✅ Use Global Accelerator if running a global application that requires low-latency access to regional endpoints (especially for non-HTTP traffic or when static IPs are needed).

Does twtech need both?

Yes:

In some advanced architectures, twtech may use Global Accelerator to route users to the nearest CloudFront distribution or Application Load Balancer for maximum performance and availability.


Project: Hands-on

  • How twtech creates an S3 bucket to hold files for distribution via a CloudFront distribution.
  • Create a bucket: twtech-cloudfront-s3

  • Select and upload some objects (files) into the bucket: twtech-cloudfront-s3

  • Objects don't have permission to be viewed publicly: Access Denied

  • twtech uses CloudFront to make objects in the private bucket accessible without making the bucket public.
  • Search AWS services: CloudFront


NB:

  • CloudFront is a global service.
  • Create a CloudFront distribution: twtech-cloudfront-distribution

  • Assign a name: twtech-cloudfront-distribution

  • Select Custom domain (optional), or insert a custom domain and check the domain.
Domain: twtechapp.com
  • Use the twtech custom domain with free HTTPS to provide a secure, friendly URL for the twtech app.
  • twtech can add a custom domain later if twtech does not have a Route 53 zone in this account.



  • Specify origin

Origin

  • S3 origin
  • Choose an AWS origin, or enter your origin's domain name
  • Select the bucket location

  • S3 origin from CloudFront:
      twtech-cloudfront-s3.s3.us-east-2.amazonaws.com

  • Proceed with configuration of the CloudFront distribution: twtech-cloudfront-distribution


  • CloudFront can automatically create a certificate for the following domains: enabled

  *.twtech.click

  • Create a wildcard certificate: this certificate will be valid for *.twtech.click
  • Create a wildcard certificate for the domain twtech.click
  • If custom domain names have been registered, select one: twtech.click

  • View the certificate created for the domain: twtechapp.com

  • The TLS certificate is issued in the us-east-1 region (N. Virginia).


  • Review and create the CloudFront distribution: twtech-cloudfront-distribution

  • It takes a couple of minutes to be fully deployed.

  • twtech updates the S3 bucket policy (twtech-cloudfront-s3) so that the CloudFront distribution can access the bucket.
  • Select the bucket and click open: twtech-cloudfront-s3

  • In the bucket (twtech-cloudfront-s3), navigate to the Permissions tab.

  • Scroll down to Bucket policy and edit it if the policy was not auto-generated.

  • Delete the entire existing policy and use the policy generated by AWS CloudFront under: Origin

Edit: origin

  • Copy the policy generated by AWS and then cancel the page:


# twtech-sample-cloudfront-s3-policy

# json

{
  "Version": "2008-10-17",
  "Id": "PolicyForCloudFrontPrivateContent",
  "Statement": [
    {
      "Sid": "twtechAllowCloudFrontServicePrincipal",
      "Effect": "Allow",
      "Principal": {
        "Service": "cloudfront.amazonaws.com"
      },
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::twtech-cloudfront-s3/*",
      "Condition": {
        "StringEquals": {
          "AWS:SourceArn": "arn:aws:cloudfront::accountID:distribution/E3H6YAxxxxx"
        }
      }
    }
  ]
}
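As an added check (example code, not from the page or from twtech), this Python snippet verifies that a bucket policy shaped like the one above grants read access only to the single CloudFront distribution named in its aws:SourceArn condition, and flags a public principal, over-broad actions, a wrong bucket, or a missing SourceArn; the account ID and distribution ID in the sample are constructed placeholders.

```python
import json

# Constructed sample (not taken from the page): the policy shape CloudFront
# generates for an S3 origin; account ID and distribution ID are placeholders.
SAMPLE_POLICY = json.dumps({
    "Version": "2008-10-17",
    "Statement": [{
        "Sid": "twtechAllowCloudFrontServicePrincipal",
        "Effect": "Allow",
        "Principal": {"Service": "cloudfront.amazonaws.com"},
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::twtech-cloudfront-s3/*",
        "Condition": {"StringEquals": {
            "AWS:SourceArn": "arn:aws:cloudfront::111111111111:distribution/EXAMPLEDIST"}},
    }],
})

def _as_list(value):
    return value if isinstance(value, list) else [value]

def check_bucket_policy(policy_json, bucket, distribution_arn):
    """Return findings for every Allow statement; an empty list means the
    bucket is readable only by the one CloudFront distribution named."""
    findings = []
    for st in json.loads(policy_json).get("Statement", []):
        if st.get("Effect") != "Allow":
            continue
        sid = st.get("Sid", "<no Sid>")
        principal = st.get("Principal")
        # A wildcard principal makes every object public, the very thing a
        # private bucket behind CloudFront is meant to avoid.
        if principal in ("*", {"AWS": "*"}):
            findings.append(f"{sid}: Principal '*' grants public read")
            continue
        if principal != {"Service": "cloudfront.amazonaws.com"}:
            findings.append(f"{sid}: unexpected principal {principal!r}")
        # A CDN origin only needs to read objects; anything else is over-privileged.
        extra = [a for a in _as_list(st.get("Action", [])) if a.lower() != "s3:getobject"]
        if extra:
            findings.append(f"{sid}: over-broad actions {extra}")
        for res in _as_list(st.get("Resource", [])):
            if res != f"arn:aws:s3:::{bucket}/*":
                findings.append(f"{sid}: resource {res} is not {bucket}/*")
        # Without aws:SourceArn any CloudFront distribution in any AWS account could
        # read the bucket (confused deputy). Condition keys are case-insensitive.
        cond = st.get("Condition", {}).get("StringEquals", {})
        src = {k.lower(): v for k, v in cond.items()}.get("aws:sourcearn")
        if src != distribution_arn:
            findings.append(f"{sid}: aws:SourceArn is {src!r}, expected {distribution_arn}")
    return findings
```

Run it against the policy actually attached to twtech-cloudfront-s3 (for example the output of `aws s3api get-bucket-policy`) with the real distribution ARN; any non-empty result means the bucket is readable by more than the intended distribution.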

twtech accesses the bucket policy generated by AWS CloudFront under: Origin

  • Navigate to the bucket Permissions tab to edit the bucket policy so that CloudFront can access its objects.

  • Scroll down and edit the Bucket policy:

  • Copy and paste the policy generated by AWS under: CloudFront origin

  • Paste the policy and Save changes.



  • twtech accesses objects in the bucket globally through the CloudFront distribution: twtech-cloudfront-distribution

  • twtech accesses an object by adding the path of the object to the distribution domain name:
https://dnhouzyyxxxx.cloudfront.net/papa.jpg

https://dnhouzyyxxxx.cloudfront.net/pat-atem.jpg

https://dnhouzyyxxxx.cloudfront.net/Patpaddy3.jpg

NB:

  • twtech objects are secured with the TLS certificate issued by AWS Certificate Manager (ACM) for security (governance and compliance).
  • The connection is secured with a TLS certificate attached to the domain name; it is issued by AWS to encrypt traffic.


NB:

  • twtech may choose to create a distribution in the test environment without the TLS certificate.
  • However, AWS redirects traffic to https (secured connection).

  • How twtech uses the distribution domain name with the object context path to access the objects in the bucket:

https://d1c1iqjz6xxx.cloudfront.net/twtech-object-name

https://d1c1iqjz6sxxx.cloudfront.net/papa.jpg

https://d1c1iqjz6sxxxx.cloudfront.net/pat-atem.jpg

https://d1c1iqjz6sxxx.cloudfront.net/Patpaddy3.jpg

