Speed is the feature users never explicitly request but always notice when it is missing. A user in Tokyo hitting an S3 bucket hosted in us-east-1 experiences latency that a user in Virginia never thinks about. CloudFront fixes this by caching content at edge locations scattered across the globe, so that the Tokyo user gets data from an edge node in Tokyo, not from a server on the other side of the planet. Route 53 handles the DNS layer: turning domain names into IP addresses and routing users to the right endpoint based on latency, geography, health, or weighted distribution. The SAA-C03 exam tests CloudFront origins and behaviors, and Route 53 routing policies, extensively.
CloudFront is a Content Delivery Network. You configure a distribution with one or more origins (where the original content lives: an S3 bucket, an ALB, an EC2 instance, or any HTTP server) and behaviors that define how requests are handled for different URL path patterns. When a user requests a file, CloudFront checks the nearest edge location. If the file is cached and has not expired, it returns from the edge. If not, CloudFront fetches it from the origin, caches it at the edge, and returns it to the user.
The cache behavior controls how long content stays in the edge cache (TTL), which HTTP headers and cookies get forwarded to the origin (every distinct combination of forwarded values becomes a separate cache entry, so forwarding more of them fragments the cache and lowers the hit ratio), and whether to compress objects automatically. Cache hit ratio is the percentage of requests served from the edge rather than from the origin. A high cache hit ratio means lower latency for users and less traffic to your origin. Improve it by setting appropriate TTLs and minimizing unnecessary header and cookie forwarding.
CloudFront integrates with AWS WAF for web application firewall protection at the edge, with Lambda@Edge and CloudFront Functions for request/response manipulation at edge locations, with S3 Origin Access Control for serving private S3 content only through CloudFront, and with AWS Shield for DDoS protection. CloudFront signed URLs and signed cookies restrict access to private content by embedding an expiry and a signature.
Route 53 is AWS's authoritative DNS service. It resolves domain names to endpoints and supports routing decisions based on conditions you define. Simple routing returns a single record, or all the configured values in random order if you specify several. Weighted routing splits traffic between endpoints by percentage, which is useful for blue-green deployments or canary releases.
Latency-based routing sends users to the AWS Region with the lowest network latency from their location. This is not the same as the closest region geographically: latency depends on network conditions, not map distance. Failover routing directs traffic to a primary endpoint and falls back to a secondary when Route 53 health checks detect the primary is down. Geolocation routing sends users to specific endpoints based on their country or continent. Geoproximity routing (available through Traffic Flow) routes based on geographic distance, with a configurable bias to shift more or less traffic toward an endpoint.
Health checks are Route 53's mechanism for detecting endpoint failures. They can monitor an endpoint directly, monitor the status of other health checks (calculated health checks), or monitor CloudWatch alarms. When a health check fails, Route 53 stops routing to that endpoint if the routing policy supports failover. Multivalue answer routing returns up to eight healthy records in response to a query, providing a basic form of load balancing at the DNS level.
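The routing policies and health-check behavior described above, modelled as a small resolver simulation. This is an added example, not code from the original page or from AWS; the latency table, endpoint names and record set are constructed, and the latency figures are deliberately chosen so that us-east-1 is the faster Region for an EU client, which shows why geolocation and latency-based routing can give different answers.

```python
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class Record:
    value: str            # answer returned to the resolver
    region: str           # AWS Region hosting the endpoint
    continent: str        # geolocation key ("EU", "NA", or "*" for the default)
    healthy: bool = True  # current result of the associated health check
    failover: str = ""    # "PRIMARY" or "SECONDARY" for the failover policy

# Constructed round-trip times (ms) from a client's continent to each Region.
# us-east-1 is deliberately the faster choice for an EU client, to show that
# geolocation routing ignores latency while latency-based routing follows it.
LATENCY_MS = {
    "EU": {"eu-west-1": 60, "us-east-1": 45},
    "NA": {"eu-west-1": 110, "us-east-1": 15},
}

def healthy(records: List[Record]) -> List[Record]:
    # Unhealthy records are dropped before any policy is applied.
    return [r for r in records if r.healthy]

def geolocation(records: List[Record], client_continent: str) -> Optional[str]:
    """Match the client's continent, else fall back to the '*' default record."""
    for key in (client_continent, "*"):
        for r in healthy(records):
            if r.continent == key:
                return r.value
    return None

def latency_based(records: List[Record], client_continent: str) -> Optional[str]:
    """Pick the healthy record whose Region has the lowest measured latency."""
    rtt = LATENCY_MS[client_continent]
    candidates = healthy(records)
    return min(candidates, key=lambda r: rtt[r.region]).value if candidates else None

def failover(records: List[Record]) -> Optional[str]:
    """Answer with PRIMARY while its health check passes, otherwise SECONDARY."""
    for role in ("PRIMARY", "SECONDARY"):
        for r in healthy(records):
            if r.failover == role:
                return r.value
    return None

def multivalue(records: List[Record]) -> List[str]:
    """Return up to eight healthy values; the client chooses among them."""
    return [r.value for r in healthy(records)][:8]

# Constructed record set: one endpoint per Region.
RECORDS = [
    Record("us.example.com", "us-east-1", "NA", failover="PRIMARY"),
    Record("eu.example.com", "eu-west-1", "EU", failover="SECONDARY"),
]
```

For an EU client, `geolocation` returns the EU endpoint while `latency_based` returns us-east-1 under the constructed table; marking the PRIMARY record unhealthy flips `failover` to the SECONDARY and removes it from the `multivalue` answer.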
- CloudFront cache hit ratio improvement: increase TTL, reduce forwarded headers and cookies, use cache policies correctly.
- Restrict S3 content to CloudFront only: Origin Access Control (OAC), block public S3 access, grant the CloudFront service principal access via the bucket policy.
- Route 53 weighted: percentage-based traffic split. Use for canary releases and A/B testing.
- Route 53 latency-based: lowest round-trip time to an AWS Region. Use for global applications.
- Route 53 failover: primary and secondary endpoints with health checks. Use for active-passive failover.
- Route 53 geolocation: route by user country or continent. Useful for data residency requirements.
- Alias records: Route 53-specific record type that resolves to AWS resources (ALB, CloudFront, S3 website) without an IP address. There is no charge for alias queries that resolve to AWS resources.
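The OAC bucket-policy pattern from the list above, with a small audit routine that flags the two mistakes that let content bypass CloudFront: a public principal, and a CloudFront grant that is not pinned to one distribution. This is an added example, not code from the original page or from AWS; the bucket name, account id and distribution id are constructed placeholders.

```python
# Constructed placeholders, not values from the original page.
BUCKET = "example-private-site"
DISTRIBUTION_ARN = "arn:aws:cloudfront::111122223333:distribution/EXAMPLEDISTID"

def oac_bucket_policy(bucket: str, distribution_arn: str) -> dict:
    """Bucket policy for OAC: only the CloudFront service principal may read
    objects, and only when acting for the one distribution in AWS:SourceArn."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "AllowCloudFrontServicePrincipalReadOnly",
            "Effect": "Allow",
            "Principal": {"Service": "cloudfront.amazonaws.com"},
            "Action": "s3:GetObject",
            "Resource": f"arn:aws:s3:::{bucket}/*",
            "Condition": {"StringEquals": {"AWS:SourceArn": distribution_arn}},
        }],
    }

def audit_policy(policy: dict) -> list:
    """Flag Allow statements that would let S3 content be read outside CloudFront."""
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        principal = stmt.get("Principal")
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if principal == "*" or principal == {"AWS": "*"}:
            findings.append(f"{sid}: wildcard principal makes the bucket public")
        elif principal == {"Service": "cloudfront.amazonaws.com"}:
            # Without a SourceArn condition, a distribution in any account could
            # be pointed at this bucket and read from it through the same principal.
            conditions = stmt.get("Condition", {})
            if not any("AWS:SourceArn" in v for v in conditions.values()):
                findings.append(f"{sid}: CloudFront principal not scoped to a distribution")
            if set(actions) - {"s3:GetObject"}:
                findings.append(f"{sid}: CloudFront granted more than s3:GetObject")
    return findings

# Constructed "before" policy: public read plus an unscoped CloudFront grant.
WEAK_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": f"arn:aws:s3:::{BUCKET}/*"},
    {"Sid": "AnyDistribution", "Effect": "Allow",
     "Principal": {"Service": "cloudfront.amazonaws.com"},
     "Action": ["s3:GetObject", "s3:ListBucket"],
     "Resource": [f"arn:aws:s3:::{BUCKET}", f"arn:aws:s3:::{BUCKET}/*"]},
]}
```

Running `audit_policy` over `WEAK_POLICY` yields three findings, while the policy produced by `oac_bucket_policy` yields none; OAC also requires S3 Block Public Access to stay enabled, which a bucket-policy audit alone cannot confirm.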
| Policy | Routing basis | Typical use case |
|---|---|---|
| Simple | Single or random multi-value | Single endpoint, no routing logic needed |
| Weighted | Percentage split | Blue-green deployments, canary releases, A/B testing |
| Latency-based | Lowest network latency to AWS Region | Global apps serving users from the nearest fast region |
| Failover | Health check status (primary/secondary) | Active-passive disaster recovery |
| Geolocation | User country or continent | Content localization, data residency compliance |
| Geoproximity | Geographic distance with bias | Traffic shifting with geographic control |
| Multivalue answer | Up to 8 healthy records | Basic DNS-level load distribution |
**Misconception:** CloudFront can only serve static content from S3.
**Reality:** CloudFront can cache and serve responses from any HTTP origin, including ALBs, EC2 instances, API Gateway, and on-premises servers. For dynamic content that changes per request, you can configure CloudFront to pass requests through to the origin and still benefit from terminating TLS at the edge, AWS network acceleration, and WAF protection.
**Misconception:** Route 53 geolocation routing automatically routes users to the lowest-latency region.
**Reality:** Geolocation routing routes users based on their detected geographic location (country or continent), not based on network latency. A user in France will be routed to the Europe endpoint regardless of whether the us-east-1 endpoint would actually be faster. For latency-based routing, use the latency routing policy instead.
**Misconception:** Adding a CloudFront distribution in front of an ALB always improves performance.
**Reality:** CloudFront helps most for content that can be cached at the edge. For highly dynamic or personalized content where every response is unique, CloudFront may add a small amount of latency for uncacheable requests compared to connecting directly to an ALB. CloudFront's benefits are strongest for cacheable content, global user bases, and workloads that benefit from TLS termination at the edge.