2

I need some resources or general direction.

I am looking into using Cloudfront to help combat latency on calls to my service.

I want to be able to serve cached data, but need to allow the client to be able to specify when they want to bypass cached data and get the latest data instead.

I know that I can send a random value in the query parameter to invalidate the cache. But I want to be able to send a custom header that will do the same thing.

Ideally, I would like to use the Cloudfront that is created behind the scenes with API Gateway. Is this possible? Or would I need to create a new CloudFront to sit in front of API Gateway?

Has anyone done this? Are there any resources you can point me to?

JAck28
  • 899
  • 4
  • 15
  • 40

2 Answers2

2

You cannot actually invalidate the CloudFront cache by passing a specific header -- or with a query parameter, for that matter. That is cache busting, and not invalidation.

You can configure CloudFront to include the value of a specific header in the cache key, simply by whitelisting that header for forwarding to the origin -- even if the origin ignores it.

http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValuesForwardHeaders

However... the need to give your APIs consumers a way to bypass your cache seems like there's a problem with your design. Use an adaptive Cache-Control response header and cache the responses in CloudFront for an appropriate amount of time, and this issue goes away.

Otherwise, the clever ones will just bypass it all the time, by continually changing that value.

Michael - sqlbot
  • 169,571
  • 25
  • 353
  • 427
  • So if I whitelist a header, that means that if I pass in that header with my request, cloudfront will bypass cache and pull directly from the origin instead? – JAck28 Sep 28 '17 at 12:56
  • 1
    Close, but not exactly... it means CloudFront will consider that header and its value as part of the request's cache key, just like the path is part of the request's cache key. `GET /foo` + `Some-Header: buzz` will be treated as a different "page" (object) than `GET /foo` + `Some-Header: fizz` as well as different than `GET /foo` without `Some-Header` present at all. Each combination is a different object, so each *unique* value for `Some-Header:` is cached separately -- or the origin consulted if no request is in the cache for that particular value (or absence) of `Some-Header:`. – Michael - sqlbot Sep 28 '17 at 20:32
  • Thanks, this is helpful! I have another question that's related. I'm still a bit confused about how to whitelist if I'm using api gateway. I've added a question here: https://stackoverflow.com/questions/46490508/api-gateway-caching-vs-cloudfront – JAck28 Sep 29 '17 at 14:05
0

CloudFront does caches based on headers.

Create a custom header and whitelist on that header. CloudFront will fetch from origin if the value is not found in the cache.

Hope it helps.

EDIT:

http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/header-caching.html

Header based caching.

Kannaiyan
  • 12,554
  • 3
  • 44
  • 83
  • So if I whitelist a header, that means that if I pass in that header with my request (and a unique value for the header), cloudfront will bypass cache and pull directly from the origin instead? – JAck28 Sep 28 '17 at 13:16
  • Can this be done using the cloudfront that was created behind the scenes by api gateway? – JAck28 Sep 28 '17 at 16:57
  • Yes. You can do that with cloudfront with whatever the proxy backend you have integrated. – Kannaiyan Sep 28 '17 at 17:09
  • It doesn't seem possible to whitelist headers in API gateway, without creating a new cloudfront on top of the one created behind the scenes. – JAck28 Sep 28 '17 at 17:29
  • Added referencing documentation. If that does not, you seem to be doing something wrong. Since it works for me as documented. – Kannaiyan Sep 28 '17 at 17:45
  • I should probably just create another question. I get that whitelisting headers will do what I want. But I'm wondering if this is possible using the CF that was created by APIG b/c I don't have access to it since it is hidden. I'm thinking I may need to create a CF to sit on top of APIG to do that. – JAck28 Sep 28 '17 at 18:00