Many people confuse cloudfront.net with Cloudflare. Despite the similar name, they are completely different:
They compete directly as CDN providers, but their domain naming conventions differ. Cloudflare typically uses cdn.cloudflare.net or proxied customer domains, while AWS uses the randomized distribution-id.cloudfront.net pattern.
For an everyday internet user, seeing cloudfront.net can be confusing. You might wonder: "Am I on a malicious site? Did I leave Amazon?" cloudfront net
Normal scenarios:
Suspicious scenarios (Red Flags):
Because anyone with an AWS account can create a cloudfront.net distribution (even free-tier users), cybercriminals also misuse it to host phishing kits, malware payloads, and scam pages. The domain is not inherently dangerous, but it is widely accessible.
| Term | Meaning |
|------|---------|
| Origin | Source of truth (S3, EC2, ALB, HTTP server) |
| Distribution | The CDN configuration (URL like https://xxxx.cloudfront.net) |
| Edge Location | Where cached content is stored |
| TTL (Time To Live) | How long edge caches content |
| Cache Behavior | Rules for paths (e.g., /images/* vs /api/*) |
| Invalidation | Removing cached files before TTL expires | Many people confuse cloudfront
Stream to Kinesis Data Firehose (low latency, higher cost).