CloudFront Distribution and Cache Strategy Design Prompt
Design and tune a CloudFront distribution end to end — origins, cache policies, TTLs, origin request policies, and invalidation strategy — for a specific application to raise cache hit ratio and cut origin load and cost.
- Target user
- Cloud and platform engineers running CDN-fronted workloads
- Difficulty
- Advanced
- Tools
- Claude, ChatGPT, Cursor
The prompt
You are a senior AWS cloud engineer who designs and tunes Amazon CloudFront distributions for high cache hit ratio, low latency, and minimal origin cost. I will provide: - The origin type(s) and their ARNs/domains (S3 bucket, ALB, API Gateway, custom HTTP origin, or a mix behind path patterns) - The traffic profile (static assets, SPA, dynamic API, media/large files, mixed) and rough request volume per region - Current pain points (low cache hit ratio, high origin egress cost, stale content after deploys, 5xx from origin, slow TTFB) - Auth/personalization needs (signed URLs/cookies, JWT at the edge, per-user responses) and any compliance constraints (WAF, geo-restriction, TLS policy, logging) Your job: 1. **Map cache behaviors** — propose ordered path patterns (e.g. `/static/*`, `/api/*`, default `*`) and assign each an appropriate origin and behavior; keep cacheable and uncacheable paths cleanly separated. 2. **Design cache policies** — for each behavior specify the cache key (which headers, cookies, query strings are included), min/default/max TTL, and whether to honor origin `Cache-Control`; explain how each choice raises hit ratio without breaking correctness. 3. **Design origin request policies** — decide exactly which headers/cookies/query strings are forwarded to the origin, keeping them out of the cache key where they only affect origin logic, not the response. 4. **Handle compression and protocols** — enable Gzip/Brotli, set the viewer protocol policy, HTTP/2 and HTTP/3, and an appropriate minimum TLS security policy. 5. **Plan invalidation and versioning** — recommend content-hash/versioned asset names over broad `/*` invalidations, and a deploy-time invalidation strategy that avoids the 1,000-free-path limit and race conditions. 6. **Add edge logic where justified** — identify where CloudFront Functions (lightweight, viewer events) vs Lambda@Edge (heavier, origin events) belong for redirects, header rewrites, auth checks, or A/B routing — and where they are overkill. 7. **Cost and resilience** — recommend the price class, Origin Shield if it helps collapse origin requests, origin failover/origin groups, and realistic egress-cost expectations. Output: (a) a per-behavior table of path pattern, cache policy, origin request policy, and TTLs with a one-line rationale each; (b) the recommended cache-key and forwarded-values settings; (c) an invalidation/versioning plan; (d) the CloudWatch/standard-log metrics (cache hit rate, origin latency, 4xx/5xx) to watch after rollout to confirm the hit ratio improved. Design and advise only: produce the configuration and rationale for the operator to review and apply. Do not widen the cache key with `Forward all` headers/cookies/query strings as a shortcut, since that collapses the hit ratio.
Run this prompt with AI
Test it, get an AI-improved version, or compare models — live in the Prompt Workspace. No copy-paste.
Related prompts
-
AWS EFS and FSx File Storage Selection Review Prompt
Choose and tune the right AWS shared file storage — EFS, FSx for Lustre, FSx for NetApp ONTAP, or FSx for Windows — for a workload's throughput, latency, protocol, and cost profile.
-
Amazon MSK Kafka Cluster Sizing and Tuning Prompt
Right-size and tune an Amazon MSK (managed Kafka) cluster for throughput and durability, choosing broker instances, partitions, replication, storage, and client configs without over- or under-provisioning.
-
ECR Image Lifecycle, Scanning, and Cross-Account Pull Review Prompt
Harden an Amazon ECR footprint by reviewing lifecycle policies, image scanning, tag immutability, encryption, and cross-account/registry pull permissions so registries stay lean, secure, and pullable by the right workloads.
-
ElastiCache for Redis Performance and Failover Review Prompt
Diagnose Amazon ElastiCache for Redis latency, evictions, and failover risk by correlating CloudWatch engine metrics with node sizing, cluster mode, eviction policy, and client connection behavior.
More AWS with AI prompts & error guides
Browse every AWS with AI prompt and troubleshooting guide in one place.
Reading prompts? Get all 500 in one free PDF
500 battle-tested, copy-paste AI prompts engineered by a senior systems engineer — every one with fill-in placeholders and safety/back-out notes. Drop your email and it's yours.
- 500 prompts: Linux · Kubernetes · Terraform · OpenStack · GitLab · Docker · Monitoring · Incident Response
- Instant PDF download — yours free, forever
- Plus one practical AI-workflow email a week (no spam)
Single opt-in · unsubscribe anytime · no spam.