Global Content Delivery Network

Content delivery networks are critical infrastructure for any global application, but designing a CDN architecture that goes beyond basic static file caching to include dynamic content acceleration, edge computing, and intelligent purging requires deep understanding of caching theory and global networking. In this challenge, you will design a comprehensive CDN architecture on AWS that serves a media-heavy application to users across six continents with consistent sub-200ms page loads. The foundation uses Amazon CloudFront with a multi-origin architecture: S3 for static assets (images, CSS, JS) with origin access control, an ALB origin for dynamic API responses, and a MediaStore origin for live video streaming. Cache behavior design uses path-based routing rules — static assets get long TTLs with content-hash-based cache keys, API responses use short TTLs with vary-by-header cache keys, and authenticated content uses signed URLs or signed cookies with key groups. Edge computing uses CloudFront Functions for lightweight request manipulation (header normalization, A/B test routing, geo-based redirects) executing in under 1ms, and Lambda@Edge for heavier processing (server-side rendering at the edge, authentication token validation, content personalization). The cache invalidation strategy uses a versioned URL approach for static assets (eliminating the need for invalidation) and targeted path-based invalidation via the CloudFront API for dynamic content changes, orchestrated by an EventBridge rule triggered from content management system updates. For geographic compliance, you use CloudFront's geographic restriction feature combined with Lambda@Edge for fine-grained access control based on data residency requirements. The architecture includes a custom real-time monitoring dashboard using CloudFront real-time logs streamed to Kinesis Data Streams, with Lambda computing cache hit ratios, origin latency percentiles, and error rates per edge location. Origin shield is enabled to reduce origin load by adding a regional caching layer between edge locations and the origin. DDoS protection layers WAF rules with Shield Advanced for L3/L4 protection. This challenge teaches CDN architecture patterns, edge computing strategies, and the operational patterns for global content delivery at scale.