I am working on a multi-region solution for my current architecture. We use CloudFormation for defining the infrastructure. A piece of that architecture is a CloudFront distribution which takes the user to an S3 bucket. I know I will have to create a failover for S3, in case one of the regions goes down, but what about the CF distribution? I know CF is a global service, so it doesn't need a replica?
Here's the CF distribution we have:
    IVRSpeechContentCFDistro:
      Type: AWS::CloudFront::Distribution
      Properties:
        DistributionConfig:
          Aliases:
            - !FindInMap [ EnvMappings, !Ref StageName, domain ]
          HttpVersion: http2
          ViewerCertificate:
            AcmCertificateArn: !FindInMap [ EnvMappings, !Ref StageName, ssl ]
            MinimumProtocolVersion: TLSv1.2_2021
            SslSupportMethod: sni-only
          Enabled: True
          DefaultCacheBehavior:
            CachePolicyId: xxxxxx
            AllowedMethods:
              - GET
              - HEAD
              - OPTIONS
            TargetOriginId: !Sub "xxxxxx"
            ViewerProtocolPolicy: https-only
          Origins:
            - Id: !Sub "xxxxxxx"
              DomainName: !GetAtt bucket.RegionalDomainName
              S3OriginConfig:
                OriginAccessIdentity: !Sub
                  - "origin-access-identity/cloudfront/${ID}"
                  - { ID: !Ref identity }
CodePudding user response:
CloudFront is a global service, so you can't make any "replica" of it in another region, just like you can't make a "replica" of IAM or Route53. But you can set up CloudFront origin failover. This makes it so that:
CloudFront automatically switches to the second origin when the primary origin returns specific HTTP status code failure responses.
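The origin failover described in the answer, sketched as a fragment of the question's DistributionConfig. This is an added example, not part of the original question or answer; the origin IDs (primary-s3, secondary-s3, s3-failover-group) and the FailoverBucketRegionalDomainName parameter are placeholders assumed here.

```yaml
# Added example: fragment of DistributionConfig, not the poster's template.
# Origin IDs and FailoverBucketRegionalDomainName are hypothetical placeholders.
DistributionConfig:
  Origins:
    - Id: primary-s3
      DomainName: !GetAtt bucket.RegionalDomainName
      S3OriginConfig:
        OriginAccessIdentity: !Sub
          - "origin-access-identity/cloudfront/${ID}"
          - { ID: !Ref identity }
    - Id: secondary-s3
      # Bucket in the second region. A stack is regional, so the bucket is
      # assumed to live in another stack and its regional domain name is
      # passed in as a template parameter.
      DomainName: !Ref FailoverBucketRegionalDomainName
      S3OriginConfig:
        # Same OAI as the primary. The secondary bucket's policy must grant
        # this identity s3:GetObject as well, or failover requests return 403.
        OriginAccessIdentity: !Sub
          - "origin-access-identity/cloudfront/${ID}"
          - { ID: !Ref identity }
  OriginGroups:
    Quantity: 1
    Items:
      - Id: s3-failover-group
        FailoverCriteria:
          StatusCodes:
            Quantity: 4
            Items: [500, 502, 503, 504]
        Members:
          Quantity: 2
          Items:
            - OriginId: primary-s3    # tried first
            - OriginId: secondary-s3  # used when the primary returns a listed code
  DefaultCacheBehavior:
    CachePolicyId: xxxxxx
    AllowedMethods: [GET, HEAD, OPTIONS]
    # Point the behavior at the origin group, not at a single origin.
    TargetOriginId: s3-failover-group
    ViewerProtocolPolicy: https-only
```

CloudFront fails over only for GET, HEAD and OPTIONS requests, which matches the AllowedMethods already in the question. Keep both buckets private and reachable only through the origin access identity, so the secondary origin does not become a public bypass of the distribution.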