
I like that CloudFront brings performance, security, and edge programmability together in a single service that fits naturally into modern web, API, and media architectures.
The global footprint and routing behavior keep latency low and throughput steady even when traffic is unpredictable, which helps stabilize user experience across regions.
The security model feels first class, with certificate management, TLS policies, WAF, and Shield available at the edge, so protections live closer to viewers and reduce pressure on origins.
The console workflow has become more intuitive, which shortens the path from an initial idea to a production distribution with sensible defaults and guardrails.
Features that I really like:
• The worldwide Points of Presence and regional cache layers provide consistent delivery by keeping content closer to viewers and minimizing long-haul trips to the origin.
• Free data transfer from AWS origins, particularly S3 when used as an origin, streamlines early cost planning for static websites and asset delivery that scale over time.
• HTTP over modern protocols, including HTTP/2 and HTTP/3 on QUIC, improves connection setup and resilience on unstable networks, and enabling the newer protocol is straightforward.
• Origin Access Control is the right security baseline for private S3 buckets, since it signs origin requests with SigV4 and removes the need to publicly expose the bucket.
• Edge compute options are pragmatic. CloudFront Functions handles high-scale, sub-millisecond logic for headers and cache keys, and Lambda@Edge supports richer transforms and integrations for things like SSR or authentication workflows.
• The KeyValueStore for CloudFront Functions adds low-latency state at the edge, which helps with config lookups, feature flags, and basic personalization without additional network hops.
• Observability is versatile. Standard access logs to S3 give durable auditing, while real-time logs to data streams enable near-live analytics for performance, security, and experiments.
• Origin Shield adds an extra caching tier that consolidates origin requests, raises cache hit ratio, and reduces origin load, which is especially helpful during spikes or multi-region launches.
• Continuous deployment for distributions supports safer blue or green rollouts at the edge, which avoids disruptive DNS cutovers and enables quick reversions if needed.
• The service integrates cleanly with Route 53, API Gateway, S3, ALB, and CloudFormation, so edge delivery and infrastructure evolve together in a unified workflow.
• The free tier is generous enough for long-lived prototypes and small production use, which makes it low friction to start and refine a setup before committing to higher scale. Review collected by and hosted on G2.com.
I dislike that multi-region cost modeling still requires careful planning across data transfer, requests, logging, and optional features, which adds overhead during early design.
Validated through LinkedIn
The reviewer received either a gift card or a donation made to a charity of their choice in exchange for writing this review.










