Origins

Overview

An origin is a place where content is kept and from which CloudFront obtains it to provide to viewers. The location where files or objects are kept can be an S3 bucket, an EC2 instance, or your own HTTP server. Additionally, Origins may be Route 53 or an elastic load balancer.

What are Origins in AWS?

  • Origins in AWS are the Amazon S3 bucket, HTTP server, or EC2 instance from which CloudFront obtains content.
  • You should create at least one origin. There are a few things you can do to ensure security and guarantee that your origin is providing information to CloudFront.
  • Utilizing an OAI (Origin Access Identity) for S3 will only allow CloudFront access to the S3 bucket. Any additional requests that are not made by CloudFront will be declined.
  • You can use a signed URL so that CloudFront can use it to access the origin, and the origin will only respond if the signed URL's content is legitimate.
  • Additionally, you have the option of using an Origin Custom Header: CloudFront adds the header to the requests it sends to your origin, and the origin is configured to look for it. If the header is missing or its value is incorrect, the origin rejects the request.

Specifications of an Origin in AWS

For the specifications of an Origin in AWS, consider the following points:

  • To provide an Amazon S3 bucket that is not set up to host static websites, employ S3OriginConfig.
  • For all additional varieties of origins, utilize CustomOriginConfig, including:
    • A configured Amazon S3 bucket for hosting static websites
    • An Elastic Load Balancing load balancer
    • An AWS Elemental MediaPackage endpoint
    • An AWS Elemental MediaStore container
    • Any additional HTTP servers, whether they're hosted on an Amazon EC2 instance or another type of host

ConnectionAttempts

  • The number of attempts made by CloudFront to connect to the origin in AWS. As for the number of tries, you can choose between 1, 2, or 3. If you don't specify a number, the default is 3.
  • By default, CloudFront waits up to 30 seconds (3 attempts of 10 seconds each) before attempting to connect to the secondary origin or sending an error response. This time can be decreased by setting a shorter connection timeout, fewer attempts, or both.
  • If the specified number of connection attempts fail, CloudFront does one of the following:
    • CloudFront tries to establish a connection with the secondary origin if the origin is a member of an origin group. If the specified number of attempts to connect to the secondary origin also fail, CloudFront responds to the viewer with an error message.
    • The viewer receives an error response from CloudFront if the origin is not a member of an origin group.
  • Specifications:
    • Type: Integer
    • Required: No

ConnectionTimeout

  • The length of time CloudFront waits when attempting to establish a connection to the origin. The value can be from 1 to 10 seconds (inclusive). If you don't specify a timeout, the default is 10 seconds.
  • If CloudFront is unable to connect to the origin within the specified number of seconds, CloudFront does one of the following:
    • Tries to establish a connection once more if the provided number of Connection attempts is greater than 1. Based on the value of Connection attempts, CloudFront makes up to three attempts.
    • Tries to connect to the secondary origin if all other efforts to connect to the origin fail and the origin is a member of an origin group. If the set number of attempts to connect to the secondary origin are unsuccessful, CloudFront responds to the viewer with an error message.
    • If every attempt at a connection is unsuccessful and the origin is not a member of an origin group, CloudFront responds to the viewer with an error message.
  • Specifications:
    • Type: Integer
    • Required: No

OriginCustomHeaders

  • A set of HTTP header names and values that CloudFront appends to requests before sending them to the origin.
  • Specifications:
    • Type: CustomHeaders object
    • Required: No

Custom headers can be used for a wide range of purposes, including the following:

  • Identifying Requests From CloudFront:
    The requests that CloudFront sends to your origin can be identified. This can be helpful if you want to find out whether users are bypassing CloudFront, or if you use several CDNs and want to know which requests are coming from each one.
  • Identifying Which Requests Originate From a Specific Distribution:
    If you configure several CloudFront distributions to use the same origin, you can add different custom headers in each distribution. Then, you can identify which requests originated from which CloudFront distribution using the logs from your origin.
  • Restricting Content Access:
    Access to the content can be restricted using custom headers. By configuring your origin to respond to requests only if they contain a custom header that CloudFront adds, you prevent visitors from bypassing CloudFront and obtaining your content directly from the origin.
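The origin-side check described under Restricting Content Access can be implemented as a small piece of WSGI middleware. This is an added example, not code from the original page or from AWS; the header name X-Origin-Verify and the secret values are assumptions. It accepts two values at once so the secret can be rotated without an outage, and compares in constant time.

```python
import hmac

# Assumed header name (hypothetical). CloudFront would be configured to add it
# through OriginCustomHeaders. WSGI exposes "X-Origin-Verify" under this key.
HEADER_ENVIRON_KEY = "HTTP_X_ORIGIN_VERIFY"


def header_is_valid(presented, accepted_secrets):
    """Constant-time check of the presented value against each accepted secret."""
    if not presented:
        return False
    presented_b = presented.encode("utf-8")
    ok = False
    for secret in accepted_secrets:
        # No early exit: every secret is compared, so response timing does not
        # reveal which one (if any) matched.
        ok |= hmac.compare_digest(presented_b, secret.encode("utf-8"))
    return ok


class RequireCloudFrontHeader:
    """WSGI middleware that rejects requests lacking the expected custom header."""

    def __init__(self, app, accepted_secrets):
        if not accepted_secrets:
            raise ValueError("at least one secret is required")
        self.app = app
        self.accepted_secrets = list(accepted_secrets)

    def __call__(self, environ, start_response):
        if header_is_valid(environ.get(HEADER_ENVIRON_KEY), self.accepted_secrets):
            return self.app(environ, start_response)
        body = b"Forbidden\n"
        start_response("403 Forbidden", [("Content-Type", "text/plain"),
                                         ("Content-Length", str(len(body)))])
        return [body]


def demo_app(environ, start_response):
    """Stand-in for the real origin application."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"origin content\n"]


def simulate(app, headers):
    """Call a WSGI app with constructed request headers; return (status, body)."""
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": "/"}
    for name, value in headers.items():
        environ["HTTP_" + name.upper().replace("-", "_")] = value
    seen = []
    body = app(environ, lambda status, hdrs: seen.append(status))
    return seen[0], b"".join(body)
```

The header value is a shared secret, so it only protects the origin if the CloudFront-to-origin connection uses HTTPS and the value is kept out of origin logs.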

CustomOriginConfig

  • Use this type to provide an origin that isn't an Amazon S3 bucket, with one exception: if static website hosting is enabled for the Amazon S3 bucket, use this type as well. If the Amazon S3 bucket is not set up to host static websites, use the S3OriginConfig type instead.
  • Specifications:
    • Type: CustomOriginConfig object
    • Required: No

DomainName

  • The origin's domain name.
  • Specifications:
    • Type: String
    • Required: Yes

Id

  • A distinctive origin identifier. Within the distribution, this value must be unique.
  • Use this value to provide the TargetOriginId in a CacheBehavior or DefaultCacheBehavior.
  • Specifications:
    • Type: String
    • Required: Yes

OriginAccessControlId

  • An origin access control's unique identifier for this origin.
  • Specifications:
    • Type: String
    • Required: No

OriginPath

  • An optional path that CloudFront appends to the origin domain name when requesting content from the origin.
  • Enter the directory path, starting with a slash (/), if you want CloudFront to request your content from a directory in your origin. CloudFront appends the directory path to the value of the Origin domain, for instance, cf-origin.example.com/production/images. The path's end should not include a slash (/).
  • Specifications:
    • Required: No
    • Type: String

OriginShield

  • CloudFront Origin Shield. The load on your origin can be lessened by using Origin Shield.
  • Specifications:
    • Type: OriginShield object
    • Required: No

The advantages of CloudFront Origin Shield include:

  • Improved Cache Hit Rate:
    Origin Shield adds a second layer of caching in front of your origin, which might help increase the cache hit ratio of your CloudFront distribution. Utilizing Origin Shield increases the probability of a cache hit since all requests from all of CloudFront's caching levels to your origin pass via Origin Shield.
  • Decrease in Origin Load:
    The number of requests for the exact same object that are made to your origin concurrently can be further decreased with Origin Shield. As little as one request may be sent to your origin when Origin Shield consolidates requests for objects that are not already in its cache.
  • Improved Network Performance:
    You can improve network speed by turning on Origin Shield in the AWS Region with the shortest latency to your origin. For origins in an AWS Region, all CloudFront network traffic continues on the fast CloudFront network all the way to your origin. For origins not hosted by AWS, CloudFront network traffic stays on the CloudFront network all the way to Origin Shield, which provides a low-latency link to your origin.

S3OriginConfig

  • If your Amazon S3 bucket is not set up to support static websites, you can specify an origin using this type. Use the CustomOriginConfig type to define any other kind of origin, such as an Amazon S3 bucket set up for hosting static websites.
  • Specifications:
    • Type: S3OriginConfig object
    • Required: No
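The constraints stated for the properties above can be checked before a distribution is deployed. The following linter is an added example, not part of the original page or of any AWS tool. It assumes the origin is available as a Python dict keyed by the property names used on this page, that website endpoints contain "s3-website" in their domain name, and that an OAI, if used, is set in the S3OriginConfig property OriginAccessIdentity. It also reports the worst-case wait on the origin (attempts multiplied by timeout).

```python
def lint_origin(origin):
    """Check one Origin definition (dict); return (findings, worst_case_wait_s)."""
    findings = []
    for required in ("DomainName", "Id"):
        if not origin.get(required):
            findings.append(f"{required} is required")

    attempts = origin.get("ConnectionAttempts", 3)   # default: 3 attempts
    timeout = origin.get("ConnectionTimeout", 10)    # default: 10 seconds
    if attempts not in (1, 2, 3):
        findings.append("ConnectionAttempts must be 1, 2, or 3")
    if not (isinstance(timeout, int) and 1 <= timeout <= 10):
        findings.append("ConnectionTimeout must be between 1 and 10 seconds")

    path = origin.get("OriginPath", "")
    if path and (not path.startswith("/") or path.endswith("/")):
        findings.append("OriginPath must start with '/' and must not end with '/'")

    s3_cfg = origin.get("S3OriginConfig")
    custom_cfg = origin.get("CustomOriginConfig")
    if (s3_cfg is None) == (custom_cfg is None):
        findings.append("set exactly one of S3OriginConfig or CustomOriginConfig")
    domain = origin.get("DomainName", "")
    if s3_cfg is not None and "s3-website" in domain:
        findings.append("S3 website endpoint needs CustomOriginConfig")
    if s3_cfg is not None and not (origin.get("OriginAccessControlId")
                                   or s3_cfg.get("OriginAccessIdentity")):
        findings.append("S3 origin has no OAC or OAI configured")

    # Only report a wait time when both timing values are valid.
    valid_timing = not any("Connection" in f for f in findings)
    worst_case = attempts * timeout if valid_timing else None
    return findings, worst_case


# Constructed sample origins (not taken from any real distribution).
GOOD = {"Id": "site-assets", "DomainName": "example-bucket.s3.us-east-1.amazonaws.com",
        "OriginPath": "/production/images", "ConnectionAttempts": 2,
        "ConnectionTimeout": 5, "OriginAccessControlId": "EXAMPLEOACID",
        "S3OriginConfig": {"OriginAccessIdentity": ""}}
BAD = {"Id": "site", "DomainName": "example-bucket.s3-website-us-east-1.amazonaws.com",
       "OriginPath": "production/", "ConnectionAttempts": 5,
       "S3OriginConfig": {}}

if __name__ == "__main__":
    for name, origin in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, lint_origin(origin))
```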

Conclusion

  • An origin is the place where content is kept and from where CloudFront obtains it in order to provide it to viewers.
  • We can use an OAI (Origin Access Identity) or signed URLs to ensure that only CloudFront can access the origin.
  • You can improve network speed by turning on Origin Shield in the AWS Region with the shortest latency to your origin. For origins in an AWS Region, all CloudFront network traffic continues on the fast CloudFront network all the way to your origin.
  • ConnectionAttempts is the number of attempts made by CloudFront to connect to the origin in AWS. It has a default value of 3.
  • ConnectionTimeout is the length of time CloudFront waits when attempting to establish a connection to the origin. The default value is 10 seconds.
  • To provide an Amazon S3 bucket that is not set up to host static websites, as the origin, employ S3OriginConfig.
  • CustomOriginConfig can be used to provide an origin that isn’t an Amazon S3 bucket.
  • Origin Shield adds a second layer of caching in front of your origin, which might help increase the cache hit ratio of your CloudFront distribution.