Lately, AWS introduced the ability to connect CloudFront (CF) to custom origins like Elastic Beanstalk, thus enabling a CDN over dynamic servers with WAL in between.
I want to use this kind of AWS infrastructure:
Route53->CloudFront->Elastic Beanstalk(+LoadBalancer)
and I also want to have a non-zero TTL for cached requests to the same URLs for anonymous users.
To do that I obviously need to whitelist cookies and perhaps headers to exclude from caching. Intuitively I feel that I need to exclude authorization cookies and CSRF cookies, and the question is: which cookies and headers do I need to exclude to make everything work?
Also, is there a gist/lib to tackle exclusion of the CF IP address from the X_FORWARDED_IP header chain?
I've found an article describing how to set everything up for Ruby, which is good enough but does not describe issues related to caching, only general infrastructure setup.
Given that your users have a session cookie or some cookie that identifies them, you can whitelist this cookie in CloudFront.
The CloudFront cache will then only cache for users with the same cookie value, i.e. not for logged-in users, but for anonymous users only.
CloudFront will by default forward your cache TTL, so you could set that from your Beanstalk application.
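
An added example (not from the original posts or the linked article) of the origin side of this setup: it picks the `Cache-Control` value CloudFront will honour based on the whitelisted session cookie, and resolves the real client address from the forwarded chain by skipping known proxy hops. The cookie name `sessionid`, the 300-second TTL and the CIDR ranges are assumptions; the ranges are constructed placeholders.

```python
import ipaddress

# Assumptions, not from the original post: cookie name, TTL and ranges.
# In production, load the CloudFront ranges from AWS's published
# ip-ranges.json instead of hard-coding them.
SESSION_COOKIE = "sessionid"
ANON_TTL = 300
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8",       # load balancer inside the VPC (constructed)
    "203.0.113.0/24",   # stand-in for CloudFront edge ranges (constructed)
)]


def is_trusted(ip):
    return any(ip in net for net in TRUSTED_PROXIES)


def client_ip(xff, peer):
    """Walk the chain right to left and return the first hop that is not
    one of our proxies. Anything further left was supplied by the client
    and is ignored."""
    hops = [h.strip() for h in xff.split(",") if h.strip()] + [peer]
    for hop in reversed(hops):
        try:
            ip = ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: stop and fall back to the peer
        if not is_trusted(ip):
            return str(ip)
    return peer


def has_session(cookie_header):
    """True if the request carries the whitelisted session cookie."""
    for part in (cookie_header or "").split(";"):
        name, _, _ = part.strip().partition("=")
        if name == SESSION_COOKIE:
            return True
    return False


def cache_control(cookie_header, sets_cookie=False):
    """Anonymous responses may be stored at the edge; anything tied to a
    session, or any response that issues a cookie, must not be."""
    if has_session(cookie_header) or sets_cookie:
        return "private, no-store"
    return f"public, max-age={ANON_TTL}"
```

Marking cookie-setting responses as `no-store` keeps a freshly issued session or CSRF cookie from being cached and replayed to other anonymous visitors.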