In the distribution's details, click on the Monitoring tab to review metrics like Requests, Bytes Downloaded, Bytes Uploaded, 4xx Errors, and 5xx Errors. These metrics help monitor the distribution's health and operational efficiency.
Explore CloudWatch Metrics linked to CloudFront distributions for deeper insights into performance and operational health.
Access Logs:
Under the Settings section, check if Standard Logs are enabled. Access logs provide visibility into the requests served by CloudFront, helping with debugging and analysis.
Viewer Request Policies:
Under the Behaviors tab, inspect viewer request policies, including HTTP methods allowed, headers forwarded, and caching behaviors. Properly configured behaviors optimize operational efficiency.
In the Settings section, verify the Viewer Protocol Policy for each behavior. Ensure that HTTPS is enforced to secure data in transit between viewers and CloudFront.
Origin Access:
Review Origin Settings to check if Origin Access Control (OAC) or Origin Access Identity (OAI) is configured for S3 origins, ensuring that only CloudFront can access the S3 bucket directly, securing content.
WAF Integration:
If AWS WAF is used, inspect the AWS WAF Web ACL section under the distribution settings to see if Web Application Firewall rules are applied for additional protection against common web exploits.
Security Headers:
Review response headers forwarded to viewers in the Behaviors section to ensure security headers (e.g., Content-Security-Policy, X-Content-Type-Options) are correctly configured.
Check the Origins section to see if Origin Groups are configured. Origin groups enable failover to a secondary origin if the primary origin becomes unavailable, enhancing reliability.
Caching Strategies:
In the Behaviors tab, review caching settings such as Cache-Control headers and TTL (Time-to-Live) values for cached objects. Proper caching improves content availability and reduces load on the origin server.
Health Checks:
If configured, inspect health check settings for custom origins under the Origins section to verify that CloudFront is monitoring origin health, allowing automatic failover to improve reliability.
In the Behaviors tab, check the Caching configuration. Use longer TTL values for static content to reduce the number of requests to the origin, thereby minimizing data transfer costs.
Use of Edge Locations:
Verify that content is delivered from CloudFront edge locations, which helps reduce latency and data transfer costs. Edge caching can be explored through CloudFront Reports for cost-saving insights.
Access Logs:
If Standard Logs are enabled, review the storage location and frequency of log files. Ensure that logs are stored in an S3 bucket using appropriate storage classes (e.g., S3 Glacier) for cost optimization.
In the Behaviors tab, check the cache behavior configurations, including Forwarded Headers and Query Strings. Adjust these settings to ensure efficient caching and minimize origin fetches.
Content Compression:
Inspect Compression settings in the Settings section. Enabling Gzip and Brotli compression for supported file types reduces data transfer sizes, improving performance.
Edge Locations and Latency:
Use the CloudFront Reports section to analyze the distribution's performance across different edge locations. This insight helps identify areas where latency can be further optimized.
Lambda@Edge:
Under the Behaviors tab, see if Lambda@Edge functions are associated with the distribution. These functions can optimize content delivery by customizing the content closer to users.
Log in to the AWS Management Console of securitytooling account.
AWS Config:
If AWS Config is enabled, navigate to the Rules section to view compliance status for CloudFront distributions, such as ensuring Default HTTPS is used or WAF is applied.
Security Hub:
Check AWS Security Hub for findings related to CloudFront to identify security misconfigurations, such as overly permissive access policies or lack of encryption.