When you create a VPC and attach an internet gateway or NAT gateway, the AZs in the associated region need a mechanism to connect to the internet or other regions:

Figure 8.2 – AWS regional transit centers

This is why, in addition to the direct interconnects AZs have with each other, each region also has two independent, fully redundant Transit Centers (TCs). TCs are how connections leaving an AZ reach another AWS region, access the internet, or communicate with AWS Direct Connect locations:

Figure 8.3 – Paths between ENIs in different locations

These TCs natively interconnect with AWS peers and Internet Exchanges (IXs) at anywhere from 100 to 600 Gbps (400 Gbps is the standard). To get an idea of the scale of the AWS Global Network’s interconnections, navigate to the PeeringDB entry for Amazon’s AS:

Figure 8.4 – PeeringDB entry for AS16509 (AMAZON)

Here, anyone can peruse the ~300 public exchange points and ~160 IXs AS 16509 is peered with, and at what speed.

Processing at the near edge with Amazon CloudFront

Amazon CloudFront is a worldwide Content Distribution Network (CDN), similar to Akamai or CloudFlare. CDNs are global (or sometimes regional) networks of proxy servers that cache copies of content closer to where user requests are coming from. The idea is that the cost of maintaining Points-Of-Presence (POPs) around the world is worth it because of the improved user experience due to lower latencies and/or the bandwidth saved by not transmitting the same large object across the internet over and over.

Fundamental to all CDNs is the ability to dynamically swap out the IP address of a server with one closer to the user each time a request comes in.