What are possible causes for this problem?
(Choose two.)
CloudFront does not have the ALB configured as the origin access identity.
The DNS is still pointing to the ALB instead of the CloudFront distribution.
The ALB security group is not permitting inbound traffic from CloudFront.
The default, minimum, and maximum Time to Live (TTL) are set to 0 seconds on the CloudFront distribution.
The target groups associated with the ALB are configured for sticky sessions.
Explanations:
CloudFront does not require an origin access identity (OAI) for an ALB. OAI is typically used for S3 buckets, not ALBs.
If the DNS is still pointing to the ALB instead of the CloudFront distribution, requests bypass CloudFront and go directly to the ALB, so the load on the web servers is not reduced.
The ALB security group does not need to permit inbound traffic specifically from CloudFront. It needs to permit inbound traffic from general IP ranges (which include CloudFront IPs).
If the TTL is set to 0 seconds, CloudFront will treat every request as a cache miss and always forward traffic to the ALB, preventing any caching benefits.
Sticky sessions (also known as session affinity) would cause requests to be sent to the same server, but they wouldn’t prevent CloudFront from reducing the load on the web servers by caching.