Net: Cloudfront
```hcl
resource "aws_cloudfront_distribution" "cdn" {
  origin {
    domain_name = aws_s3_bucket.site.bucket_regional_domain_name
    origin_id   = "S3Origin"
  }

  enabled = true

  default_cache_behavior {
    allowed_methods        = ["GET", "HEAD"]
    cached_methods         = ["GET", "HEAD"]
    target_origin_id       = "S3Origin"
    viewer_protocol_policy = "redirect-to-https"
    cache_policy_id        = "658327ea-f89d-4fab-a63d-7e88639e58f6" # CachingOptimized
  }

  restrictions {
    geo_restriction {
      restriction_type = "none"
    }
  }

  viewer_certificate {
    cloudfront_default_certificate = true
  }
}
```
Use Price Class 100 (US/EU only) or Price Class 200 (+Asia) to reduce cost.
If you manage a website, you might consider using AWS CloudFront and, by extension, a cloudfront.net domain. Here is a quick pros and cons analysis:
Allow access only to authorized users. Use CloudFront key pairs (root user only) or trusted key groups (IAM).
Cause: Many enterprise firewalls block all cloudfront.net domains because of potential malware or data exfiltration risks.
Fix: This is often a false positive. Contact your IT department to request an allowlist entry for the legitimate sites you need.
| Use case | Configuration |
|----------|---------------|
| Static website (S3) | OAC + CachingOptimized + Default root object |
| Video streaming | Enable CORS, support byte-range requests |
| API acceleration | Cache GETs, forward Authorization header, low TTL |
| Software downloads | Large TTL, enable Origin Shield, compress content |
| Global e-commerce | Cache product images, no cache on cart/checkout |