What can the Solutions Architect do to improve the cache hit rate for this distribution without causing the SSL/TLS handshake between CloudFront and theApplication Load Balancer to fail?
Create two cache behaviors for static and dynamic content. Remove the User-Agent and Host HTTP headers from the whitelist headers section on both of the cache behaviors. Remove the session cookie from the whitelist cookies section and the Authorization HTTP header from the whitelist headers section for cache behavior configured for static content.
Remove the User-Agent and Authorization HTTP headers from the whitelist headers section of the cache behavior. Then update the cache behavior to use presigned cookies for authorization.
Remove the Host HTTP header from the whitelist headers section and remove the session cookie from the whitelist cookies section for the default cache behavior. Enable automatic object compression and use Lambda@Edge viewer request events for user authorization.
Create two cache behaviors for static and dynamic content. Remove the User-Agent HTTP header from the whitelist headers section on both of the cache behaviors. Remove the session cookie from the whitelist cookies section and the Authorization HTTP header from the whitelist headers section for cache behavior configured for static content.
Explanations:
While creating two cache behaviors for static and dynamic content can help, removing the User-Agent and Host headers, as well as the session cookie and Authorization header for static content, may not be suitable as it could lead to improper handling of requests that require user-specific data. Removing essential headers may result in incorrect content being served.
Removing the User-Agent and Authorization headers from the whitelist may lead to issues with user authorization for dynamic content. While presigned cookies can enhance cache hit rates, they do not address the need for specific headers in a dynamic context where user sessions are essential.
Although removing the Host header and session cookie may help improve the cache hit rate, enabling automatic object compression and using Lambda@Edge for user authorization does not directly address the core issue of the high cache miss rate related to the configuration of HTTP headers and cookies being forwarded.
Creating two separate cache behaviors allows for different handling of static and dynamic content. By removing the User-Agent header and ensuring that static content does not include the session cookie and Authorization header, this approach optimizes caching for static assets while preserving necessary headers for dynamic requests. This separation helps to improve the cache hit rate significantly without impacting the SSL/TLS handshake.
My best guess is:
Create two cache behaviors for static and dynamic content. Remove the User-Agent HTTP header from the whitelist headers section on both of the cache behaviors. Remove the session cookie from the whitelist cookies section and the Authorization HTTP header from the whitelist headers section for cache behavior configured for static content.