user3275863

Reputation: 65

Amazon CloudFront and 403 cost

We host some scripts and content in CloudFront. These are accessible publicly by different consumers as part of their websites. When the scripts are no longer relevant we invalidate the file/content and it is no longer available. The people who use the script/content on their pages are notified, but we can't force them to remove the script/content, which now gives a 403 status code. How to avoid or reduce this cost?

Upvotes: 0

Views: 273

Answers (1)

Michael - sqlbot

Reputation: 179074

Here's one strategy.

Assume your domain name is example.com.

Create a CloudFront distribution with Alternate Domain Name *.example.com.

For each site, or script, or site+script combo, assign a custom "dummy" hostname -- e.g. jozxyqkrd52169.example.com. Give this to one site only.

In Route 53, maintain only DNS entries for the hostnames that you currently consider valid. Delete them when the entry is no longer needed. This can be automated.

Technically, CloudFront would respond to any *.example.com hostname, but with no DNS record pointing there, no requests arrive for hostnames you aren't using.

You'll be paying for Route 53 to handle queries for hostnames with deleted entries, but that's a fraction of the cost of the CloudFront and S3 request pricing.

Alternately, instead of provisioning Route 53 with records you want to work, you could provision it with a wildcard record pointing to CloudFront and then create specific entries for hostnames that you want to block. A CNAME record pointing to a target name such as invalid.invalid (.invalid is a top-level domain name that is actually reserved for signifying that a record is in fact invalid) should be usable for overriding specific subdomains and preventing requests for those names from hitting CloudFront.

Note that as long as you don't configure the CloudFront Cache Behavior to forward the Host header to the origin, on a single distribution that answers for multiple hostnames, foo.example.com/cat.js and bar.example.com/cat.js would be considered the same object, so multiple hostnames like this should not have a negative impact on your cache hit ratio.

Upvotes: 1
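
The answer above notes that keeping Route 53 in step with the currently valid hostnames can be automated. The following is an added example, not code from the answer: it computes the Route 53 ChangeBatch that creates alias records for newly issued hostnames and deletes those for retired ones. The distribution domain, the hostnames other than the answer's jozxyqkrd52169.example.com, and the function names are assumptions made up for illustration.

```python
# Added example: reconcile Route 53 alias records with the hostnames still considered valid.
CLOUDFRONT_ALIAS_ZONE_ID = "Z2FDTNDATAQYW2"  # fixed hosted zone ID for CloudFront alias targets

def _fqdn(name):
    """Normalise to the lower-case, trailing-dot form Route 53 returns."""
    return name.rstrip(".").lower() + "."

def alias_record(hostname, distribution_domain):
    """Alias A record pointing one per-consumer hostname at the distribution."""
    return {"Name": _fqdn(hostname), "Type": "A",
            "AliasTarget": {"HostedZoneId": CLOUDFRONT_ALIAS_ZONE_ID,
                            "DNSName": _fqdn(distribution_domain),
                            "EvaluateTargetHealth": False}}

def plan_changes(existing_records, valid_hostnames, distribution_domain):
    """Build a ChangeBatch: CREATE missing hostnames, DELETE retired ones.

    existing_records has the shape of list_resource_record_sets output. Only
    alias A records pointing at this distribution are managed; NS, SOA and
    every other record in the zone are left untouched.
    """
    target = _fqdn(distribution_domain)
    managed = {}
    for rec in existing_records:
        alias = rec.get("AliasTarget")
        if rec["Type"] == "A" and alias and _fqdn(alias["DNSName"]) == target:
            managed[_fqdn(rec["Name"])] = rec
    wanted = {_fqdn(h) for h in valid_hostnames}
    changes = [{"Action": "CREATE",
                "ResourceRecordSet": alias_record(name, distribution_domain)}
               for name in sorted(wanted - set(managed))]
    for name in sorted(set(managed) - wanted):
        # A DELETE must carry the record exactly as Route 53 currently stores it.
        changes.append({"Action": "DELETE", "ResourceRecordSet": managed[name]})
    return {"Comment": "sync per-consumer hostnames", "Changes": changes}

# Constructed sample data (placeholder distribution domain and hostnames).
SAMPLE_DISTRIBUTION = "d111111abcdef8.cloudfront.net"
SAMPLE_EXISTING = [
    {"Name": "example.com.", "Type": "NS", "TTL": 172800,
     "ResourceRecords": [{"Value": "ns-1.example-dns.invalid."}]},
    alias_record("jozxyqkrd52169.example.com", SAMPLE_DISTRIBUTION),
    alias_record("retired77.example.com", SAMPLE_DISTRIBUTION),
]

if __name__ == "__main__":
    still_valid = ["jozxyqkrd52169.example.com", "newsite01.example.com"]
    for change in plan_changes(SAMPLE_EXISTING, still_valid, SAMPLE_DISTRIBUTION)["Changes"]:
        print(change["Action"], change["ResourceRecordSet"]["Name"])
```

The resulting batch can be passed to boto3's `change_resource_record_sets(HostedZoneId=..., ChangeBatch=...)`; skip the call when `Changes` is empty, since Route 53 rejects an empty change list.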
