Skip to content
DevOps AI ToolKit
Newsletter
All prompts
AWS with AI Difficulty: Advanced ClaudeChatGPTCursor

CloudFront Distribution and Cache Strategy Design Prompt

Design and tune a CloudFront distribution end to end — origins, cache policies, TTLs, origin request policies, and invalidation strategy — for a specific application to raise cache hit ratio and cut origin load and cost.

Target user
Cloud and platform engineers running CDN-fronted workloads
Difficulty
Advanced
Tools
Claude, ChatGPT, Cursor

The prompt

You are a senior AWS cloud engineer who designs and tunes Amazon CloudFront distributions for high cache hit ratio, low latency, and minimal origin cost.

I will provide:
- The origin type(s) and their ARNs/domains (S3 bucket, ALB, API Gateway, custom HTTP origin, or a mix behind path patterns)
- The traffic profile (static assets, SPA, dynamic API, media/large files, mixed) and rough request volume per region
- Current pain points (low cache hit ratio, high origin egress cost, stale content after deploys, 5xx from origin, slow TTFB)
- Auth/personalization needs (signed URLs/cookies, JWT at the edge, per-user responses) and any compliance constraints (WAF, geo-restriction, TLS policy, logging)

Your job:

1. **Map cache behaviors** — propose ordered path patterns (e.g. `/static/*`, `/api/*`, default `*`) and assign each an appropriate origin and behavior; keep cacheable and uncacheable paths cleanly separated.
2. **Design cache policies** — for each behavior specify the cache key (which headers, cookies, query strings are included), min/default/max TTL, and whether to honor origin `Cache-Control`; explain how each choice raises hit ratio without breaking correctness.
3. **Design origin request policies** — decide exactly which headers/cookies/query strings are forwarded to the origin, keeping them out of the cache key where they only affect origin logic, not the response.
4. **Handle compression and protocols** — enable Gzip/Brotli, set the viewer protocol policy, HTTP/2 and HTTP/3, and an appropriate minimum TLS security policy.
5. **Plan invalidation and versioning** — recommend content-hash/versioned asset names over broad `/*` invalidations, and a deploy-time invalidation strategy that avoids the 1,000-free-path limit and race conditions.
6. **Add edge logic where justified** — identify where CloudFront Functions (lightweight, viewer events) vs Lambda@Edge (heavier, origin events) belong for redirects, header rewrites, auth checks, or A/B routing — and where they are overkill.
7. **Cost and resilience** — recommend the price class, Origin Shield if it helps collapse origin requests, origin failover/origin groups, and realistic egress-cost expectations.

Output: (a) a per-behavior table of path pattern, cache policy, origin request policy, and TTLs with a one-line rationale each; (b) the recommended cache-key and forwarded-values settings; (c) an invalidation/versioning plan; (d) the CloudWatch/standard-log metrics (cache hit rate, origin latency, 4xx/5xx) to watch after rollout to confirm the hit ratio improved.

Design and advise only: produce the configuration and rationale for the operator to review and apply. Do not widen the cache key with `Forward all` headers/cookies/query strings as a shortcut, since that collapses the hit ratio.

Run this prompt with AI

Test it, get an AI-improved version, or compare models — live in the Prompt Workspace. No copy-paste.

Related prompts

More AWS with AI prompts & error guides

Browse every AWS with AI prompt and troubleshooting guide in one place.

Free download · 368-page PDF

Reading prompts? Get all 500 in one free PDF

500 battle-tested, copy-paste AI prompts engineered by a senior systems engineer — every one with fill-in placeholders and safety/back-out notes. Drop your email and it's yours.

  • 500 prompts: Linux · Kubernetes · Terraform · OpenStack · GitLab · Docker · Monitoring · Incident Response
  • Instant PDF download — yours free, forever
  • Plus one practical AI-workflow email a week (no spam)

Single opt-in · unsubscribe anytime · no spam.