Guide to AWS CloudFront Pricing & Cost Optimization

Amazon CloudFront – Pricing and Benefits

Amazon Web Services (AWS) wasn’t always synonymous with edge networking. For quite some time, they focused on hyper scaling their edge network setup for use by specific clients, rather than making a big deal about their holdings to the public.

But those early infrastructure investments paid off. Over the past three years, Amazon CloudFront has established itself as one of the big three players in the content delivery network (CDN) market. As of Q1 2022, CloudFront has shot past Akamai for CDN market share and is now a viable alternative to the likes of Cloudflare¹.

Part of their appeal is financial. Amazon CloudFront pricing is aggressively competitive, matching Cloudflare’s free tier with one of their own, and with paid services structured for efficient expansion of global enterprise operations. For medium-sized businesses, CloudFront pricing is structured to encourage tactical regional caching for a reasonable spend, with the ability to quickly scale up and out if a popularity surge arises.

AWS CloudFront CDN also offers fast response times for end-users as well as increased botnet spam prevention, however it’s important to understand where extra charges are applied to protect your investment.

What Is CloudFront?

Amazon’s CloudFront service is an edge-focused CDN with high speeds and low latency. CDNs are often used for caching content on a regional basis so that the back-end servers aren’t strained under global demand. Consequently, this kind of local caching provides the end-user with faster response times and better download speeds.

Amazon has over 310 globally dispersed Points of Presence (PoPs) in early 2022, normally located within a stone’s throw of multiple major metropolitan areas. These edge server clusters are also useful for helping to deflect DDoS attacks. AWS Shield Standard is included as part of the package, automatically mitigating those massive waves of botnet spam. If everything is functioning properly, the PoPs will take the brunt of the initial attack volume, leaving the back-end servers safe and fully functional. The Amazon Shield system can then actively block the sources of illicit traffic and restore the CDN instance to normal functionality.

Each regional CloudFront instance can be localized, the cached content geared towards whatever languages are appropriate and whatever government standards are required.

The decision to use a CDN means that a company can avoid having to invest in expensive on-site edge infrastructure. There’s no need to make sagelike predictions about the expansion of a customer base; the ability to instantly marshal the power of edge Cloud resources means that every surge in popularity can be reacted to quickly.

AWS CloudFront Pricing

The good news is that CloudFront was designed with existing AWS packages in mind. As such, there are no transfer fees for origin fetches from anything on the Amazon network. That means free transfer rates from AWS Elastic Load Balancers, Amazon Simple Storage Service (S3), Amazon Elastic Compute Cloud (EC2), and the like. The AWS Certificate Manager (ACM) serves custom TLS certificates to CloudFront at no additional charge.

Pricing for low volume users (up to 1TB)

For low-volume users, or users just testing out the service, there’s a free tier that dodges Amazon CloudFront pricing altogether. The free tier includes:

• 1 TB of data transfer out per month
• 10,000,000 HTTP or HTTPS Requests per month
• 2,000,000 CloudFront Function Invocations per month

If a company (or individual) can stay below those thresholds, they’ll have plenty of time to try out CloudFront’s capabilities, build their integration, and grow their business. It will even integrate with AWS’s other free tiers (compute, storage, etc.). Websockets is also supported with just standard data usage fees for whatever tier the customer is subscribed to… which means free tier users can incorporate Websockets without any charge.

For the paid pricing plans, the cost will vary from region to region, with the highest availability regions being the most expensive and the lowest availability regions being the cheapest. This applies to all of the packages below, even if volume discounts are being utilized.

Pricing for high volume users (>1TB)

For higher volume users, the pricing depends on volume. The best deals go to companies who plan to use at least 10 TB of data transfer a month for 12 months or more. Amazon rewards companies who can agree to a term commitment in advance.

The next cheapest per-TB is the CloudFront Security Savings Bundle. It’s a flexible self-service Amazon CloudFront pricing plan that cuts up to 30% off monthly usage fees, as long as the company commits to a monthly spend for a one-year term or longer. Amazon’s Web Application Firewall (WAF) is included in these packages.

Pricing for medium volume users

Below that level is the standard on-demand pricing plan. This applies both to companies using under 10 TB a month (but more than the free tier can handle), and to companies unwilling to commit to a long-term agreement in advance. In Q1 2022, the AWS CloudFront pricing schema looks like this:

Additionally, companies pay for data transfer back to the origin server, HTTP and HTTPS request volume, and extra-regional Origin Shield requests. That pricing is as follows:

Additional costs for service tie-ins

There are some additional charges if a company uses certain service tie-ins.

For example, the Amazon CloudFront pricing scheme can include Lambda@Edge integration. It is not available at all on the free tier. Lambda@Edge charges $0.60 per 1 million invocations. It also charges for the capacity and duration used, starting from the time that the code begins to execute and lasting until a result returns or the process terminates. That costs $0.00005001 for every GB/second used.

Another example of an add-on service is Amazon CloudFront Functions. Every time a programmed CloudFront event calls upon the Function server, it ticks up the monthly count. Invocation pricing is $0.10 per 1 million Function invocations.

For anyone using CloudFront for field-level security, the charge is $0.02 for every 10,000 requests that are encrypted at the field level, in addition to any standard HTTPS request fees.

For smaller operations than make use of such things, these additional services might literally cost a dollar per month. But for complex, global deployments, service tie-in fees can add up. It’s something to be aware of when creating service cost estimates. The DevOps team will usually be able to provide data on which integrations they’re using and the projected volume.

AWS CloudFront Pricing Tips and Tricks

The first thing to note is that there’s no requirement to opt in to all regions. Amazon CloudFront pricing makes it easy to opt-out of more expensive regions by offering regional price class packages:

Any user from the opted-out regions requesting data from the site or app will skip the CDN and go right to the host server (or load balancer).

Anyone who happens to go over one of the thresholds on the free tier will only be charged for their overages in that classification. For example, if a user is under their threshold on data volume and HTTPS requests, but records 12,000,000 viewer functions instead of the allowed 2,000,000, they’ll only be charged for the additional 10 million CloudFront Function Invocations… or $1. That’s a pretty good deal.

CloudFront can be set to use compression by default on certain file formats. This can drastically save on bandwidth usage. See the Amazon CloudFront Compression Guide for full details on the settings that need to be changed.

Setting extended caching times for frequently used assets can really help reduce end-user request volume. For example, assuming a company isn’t changing its logo within the next three months, they can invoke a 90-day cache-control HTTP header for that file reference on the origin server. Doing this for all semi-permanent content can really lessen the back-end impact of users who visit a site daily.

A similar policy can be enacted site-wide, for popular static content. The default cache timeout for CloudFront is 24 hours. But the Time To Live (TTL) values can be modified to something more long-term in order to make use of client-side caching. Make sure that the cache key settings are both accurate and realistic to the server’s intended purpose. Then the overall cache policies can be set on individual regions or on entire classes.

For higher volume users, the most obvious cost savings is to reserve capacity for a year in advance and take advantage of cost savings that can be as much as 30% across the board. In this case, the cost of a fear of commitment can run into the six to seven-figure range at the enterprise level.

Finally, shifting all related Cloud services over to Amazon can really cut down on the overall AWS CloudFront pricing. Because in-network origin fetches are free, there are very few scenarios that offer cost savings by splitting compute, storage, and edge CDN services across two or more public Clouds.

In Conclusion

Amazon CloudFront is one of the most robust and flexible CDNs on the market today. The combination of incredible global reach and reasonable pricing policies is hard (if not impossible) to find elsewhere. That isn’t too much of a shock to anybody who has been monitoring AWS’s extreme hyperscaling activities over the past few years. ¹Owning around a third of the world’s Cloud infrastructure does have some advantages.

Understanding all of the nuances to AWS CloudFront pricing is critical to optimizing monthly spend: By using the right combination of tier selection, regional inclusions and exclusions, cache settings, and advanced capacity reservation.

If some of this is a little bit confusing, don’t worry: There’s help available.

The planning, budgeting, and implementation of Amazon CloudFront and all other AWS aspects do not need to be performed in-house. Much like hiring a tax professional to do a company’s tax returns, it’s usually a good idea to let the Cloud professionals delve into the details of Cloud implementation and billing. 

A reliable AWS Managed Service provider such as Logicata will understand all of the little tricks that can save a company significant sums of money at the end of the month.