amazon-s3 aws - When to use Amazon Cloudfront or S3


Another major difference is that CloudFront allows you to mirror the site on your server. Cloudfront then caches the files such as images, mp3 or video using its content delivery network.

This saves you having to duplicate your assets as you would when you use Amazon S3.

However, after a file expires, CloudFront will fetch it again from your live site (at cost). So CloudFront is best for frequently accessed files, and less so for infrequently accessed ones.

One way to set the file expiry for Apache is in .htaccess. For example:

# Requires mod_headers; applies to files ending in .mp3 or .mp4
<FilesMatch "\.(mp3|mp4)$">
Header set Cache-Control "max-age=648000, private"
</FilesMatch>
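How a shared cache (a CDN edge is one) reads Cache-Control directives under RFC 9111, run against the header value from the answer above. This is an added example, not code from the original answer; the function names and the other sample values are constructed for illustration.

```python
def parse_cache_control(value):
    """Split a Cache-Control value into {directive: argument-or-None}.

    Simplification: a quoted argument that itself contains commas
    (e.g. private="a, b") is not handled.
    """
    directives = {}
    for part in value.split(","):
        part = part.strip()
        if not part:
            continue
        name, sep, arg = part.partition("=")
        directives[name.strip().lower()] = arg.strip().strip('"') if sep else None
    return directives


def shared_cache_decision(value):
    """Return (may_store, ttl_seconds) as a shared cache would see it.

    ttl_seconds is None when the header carries no explicit freshness lifetime.
    """
    d = parse_cache_control(value)
    # no-store forbids any cache; unqualified private forbids shared caches only.
    if "no-store" in d or ("private" in d and d["private"] is None):
        return (False, None)
    # For shared caches s-maxage takes precedence over max-age.
    for name in ("s-maxage", "max-age"):
        if name in d:
            try:
                return (True, max(0, int(d[name])))
            except (TypeError, ValueError):
                return (True, 0)  # unparsable lifetime: treat as already stale
    return (True, None)


# Header value from the .htaccess snippet above, plus constructed variants.
SAMPLES = [
    "max-age=648000, private",
    "public, max-age=648000",
    "max-age=60, s-maxage=3600",
    "no-store",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{header!r:32} -> {shared_cache_decision(header)}")
```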

Are there use cases that lend themselves better to Amazon CloudFront over S3 or the other way around? I'm trying to understand the difference between the two through examples.

One aspect missed here is:

Amazon CloudFront also offers lower prices than Amazon S3 at higher usage tiers.

  • CloudFront CDN is for distribution of content across multiple geographically distributed servers (CSS, JS)

  • Whereas S3 is more of a per-user store for less-used resources (user images, PDFs).

You can serve your CloudFront resources from an S3 bucket, completely bypassing your web server.

(Useful in situations where your web server pre-compiles and stores images and JavaScript. Storing them on S3 means your server memory footprint is reduced.)

Ex: On Heroku, slugs (compiled application sizes can be reduced by using S3, and wrapping it with the CloudFront CDN will improve throughput)

CloudFront and S3 Bucket are not the same. In layman's terms: CloudFront enables you to accelerate delivery of your web content via a Content Delivery Network (CDN) in edge locations, whereas S3 Buckets are where you store your actual files. CloudFront sources may not necessarily be from S3 but for easier visualization of S3 integration with CloudFront:

For more detailed explanations check out my notes on S3 Bucket and CloudFront:

Amazon S3 is a great object storage platform if you are looking for a globally distributed storage system to protect against regions/zones going down. It is also great for static/fixed content that is not transactional and changing such as pictures, videos, images, backups, etc. Hope that helps!

Another case for using CloudFront over S3 is that you can use an SSL certificate to a custom domain in CloudFront whereas you cannot in S3. A pretty good reason imho!

First, I would like to explain that Amazon S3 is the cloud storage and CloudFront is the content delivery network (CDN).

So you can use S3 to store the files and create a distribution to serve the content over the internet. You can also create distributions for specific regions.

Amazon CloudFront and S3 are two different services provided by Amazon Web Services.

Amazon S3 is a storage service in which we can store static files like:

CSS, images, JavaScript, videos, etc.

Amazon CloudFront is middleware which stands in between a user requesting a file from AWS and the S3 data center in a specific region. CloudFront is used to speed up distribution of your static and dynamic web content from S3 to the user.

You can understand it better with an example:

For example, your S3 is located in the AWS region US East (N. Virginia), which is a data center location to store your files.

If a user from India tries to access a file from an AWS server in Virginia, then the user would need to go to that specific location with a request, and this will take a lot of time.

What CloudFront does is that it stands as middleware between the user and AWS S3.

The most often used files can be cached on CloudFront; it replicates those files to edge locations (to deliver content to end users with lower latency, Amazon CloudFront uses a global network of edge locations for content delivery).

If the content is already in the edge location with the lowest latency, CloudFront delivers it immediately. If the content is not currently in that edge location, CloudFront retrieves it from an Amazon S3 bucket and provides it to the user as fast as it can.

Every request is given a new DNS from CloudFront to the S3, so this would result in lower traffic as well as more parallel request processing.

Following is the list of current edge locations as of July 2016:

United States

  • Ashburn, VA (3)
  • Atlanta, GA
  • Chicago, IL
  • Dallas/Fort Worth, TX (2)
  • Hayward, CA
  • Jacksonville, FL
  • Los Angeles, CA (2)
  • Miami, FL
  • New York, NY (3)
  • Newark, NJ
  • Palo Alto, CA
  • San Jose, CA
  • Seattle, WA
  • South Bend, IN
  • St. Louis, MO

Europe

  • Amsterdam, Netherlands (2)
  • Dublin, Ireland
  • Frankfurt, Germany (3)
  • London, England (3)
  • Madrid, Spain
  • Marseille, France
  • Milan, Italy
  • Paris, France (2)
  • Stockholm, Sweden
  • Warsaw, Poland

Asia

  • Chennai, India
  • Hong Kong (2)
  • Mumbai, India
  • Manila, the Philippines
  • New Delhi, India
  • Osaka, Japan
  • Seoul, Korea (3)
  • Singapore (2)
  • Taipei, Taiwan
  • Tokyo, Japan (2)

Australia

  • Melbourne, Australia
  • Sydney, Australia

South America

  • São Paulo, Brazil
  • Rio de Janeiro, Brazil

From this you can conclude that if the users are limited to the same region as your S3 is hosted in, then you do not need to go for CloudFront, and if the number of users increases on a global level then you should definitely use CloudFront for better latency and traffic control.

Found out what the issue is here; being an AWS newbie I struggled here for a bit until I realized that each policy for the users you set needs to clearly allow the service you're using.

In this case I hadn't set the user to be allowed into S3.

Go to IAM, then go to Users and click on the particular user that has the credentials you're using. From there go to the Permissions tab, then click on Attach User Policy and find the S3 policy under select policy template. This should fix your problem.

Hope that helps!
