Jeff’s Note #
Unlike generic exam dumps, ADH analyzes this scenario through the lens of a Real-World Site Reliability Engineer.
For SOA-C02 candidates, one common pitfall is misunderstanding how CloudFront handles HTTP headers by default, especially the User-Agent header, which many web apps rely on for device-specific rendering. In production, this boils down to precise CloudFront distribution configuration and ALB integration. Let’s drill down.
The Certification Drill (Simulated Question) #
Scenario #
A regional streaming startup, StreamWave, hosts its web front-end on multiple AWS EC2 instances behind an Application Load Balancer (ALB). To improve global performance and caching, the company put a CloudFront distribution in front of the ALB as the origin. They updated their DNS zone in Amazon Route 53 to route all web traffic through CloudFront by attaching a CNAME record.
Shortly after deployment, StreamWave’s SRE team noticed that mobile users were no longer receiving the mobile-optimized website but instead always saw the desktop version. This behavioral regression was traced to CloudFront caching and forwarding behavior.
The Requirement: #
What is the appropriate action StreamWave’s SRE should take to ensure mobile devices receive the correct mobile website version via CloudFront?
The Options #
- A) Configure the CloudFront distribution behavior to forward the User-Agent HTTP header to the origin.
- B) Add the User-Agent header as a custom header in the CloudFront origin settings to forward it.
- C) Enable IPv6 on the ALB and update CloudFront to use a dual-stack origin endpoint.
- D) Enable IPv6 on the CloudFront distribution and update the Route 53 record to a dual-stack alias.
Correct Answer #
A
Quick Insight: The SysOps Imperative #
The critical element is ensuring that CloudFront forwards the User-Agent header from the client request to the ALB origin. Without this, the ALB and backend instances cannot detect the client device type, causing them to return the default desktop version to all users.
The Expert’s Analysis #
Correct Answer #
Option A
The Winning Logic #
CloudFront by default does not forward most headers, including User-Agent, because forwarding headers reduces the cache hit ratio and increases latency and cost. However, when the backend relies on the User-Agent header to render device-specific versions (mobile vs desktop), CloudFront must be explicitly configured to forward this header to the origin. This is done by editing the Cache Behavior Settings on the CloudFront distribution and adding “User-Agent” to the whitelist of forwarded headers. This ensures the ALB receives the exact User-Agent header from the client and can respond accordingly.
- This approach preserves accurate device detection while maintaining CloudFront caching where possible.
- It is a well-known SysOps troubleshooting step for device-based content issues behind CloudFront + ALB.
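The trade-off described above, as an added illustration that is not part of the original note: a toy edge cache (not CloudFront's implementation) in which forwarded headers also become part of the cache key. The origin logic and the request samples are constructed assumptions.

```python
DESKTOP, MOBILE = "desktop-page", "mobile-page"

def origin(headers):
    """Constructed origin: picks the page variant from User-Agent, like StreamWave's app."""
    return MOBILE if "Mobile" in headers.get("User-Agent", "") else DESKTOP

class EdgeCache:
    """Toy edge cache: headers on the forward list reach the origin and join the cache key."""

    def __init__(self, forwarded_headers=()):
        self.forwarded = tuple(forwarded_headers)
        self.store = {}
        self.origin_fetches = 0

    def get(self, path, headers):
        # Only forwarded headers are visible to the origin; the rest are dropped here.
        fwd = {h: headers[h] for h in self.forwarded if h in headers}
        key = (path,) + tuple(sorted(fwd.items()))
        if key not in self.store:
            self.origin_fetches += 1
            self.store[key] = origin(fwd)
        return self.store[key]

# Constructed sample traffic: one desktop browser, three distinct mobile User-Agent strings.
REQUESTS = [
    {"User-Agent": "Mozilla/5.0 (Windows NT 10.0) Chrome/120.0"},
    {"User-Agent": "Mozilla/5.0 (iPhone; CPU iPhone OS 17_0) Mobile/15E148"},
    {"User-Agent": "Mozilla/5.0 (Linux; Android 14) Chrome/120.0 Mobile Safari/537.36"},
    {"User-Agent": "Mozilla/5.0 (iPhone; CPU iPhone OS 17_1) Mobile/15E148"},
]

def replay(forwarded_headers):
    """Replay the sample traffic; return the pages served and the number of origin fetches."""
    cache = EdgeCache(forwarded_headers)
    pages = [cache.get("/", request) for request in REQUESTS]
    return pages, cache.origin_fetches

if __name__ == "__main__":
    print("not forwarded:", replay(()))
    print("forwarded:    ", replay(("User-Agent",)))
```

Without forwarding, every viewer gets the single cached desktop page; with forwarding, each distinct User-Agent string is its own cache entry, which is the cache fragmentation the note warns about.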
The Trap (Distractor Analysis) #
- Option B: Adding User-Agent as a custom header in origin configuration sends a static, fixed header value—this won’t vary per client request and therefore cannot provide device-specific responses.
- Option C: IPv6 enablement on ALB and updating CloudFront origin to dual-stack is unrelated to User-Agent forwarding or device content detection; it addresses networking, not HTTP headers.
- Option D: Similarly, enabling IPv6 on CloudFront and Route 53 helps dual-stack support and future-proofs connectivity but does not affect HTTP header forwarding or content rendering behavior.
The Technical Blueprint #
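```bash
# CLI example: view and update the CloudFront cache behavior to forward the User-Agent header
# get-distribution-config returns {"ETag": ..., "DistributionConfig": {...}}; update-distribution
# takes only the DistributionConfig object, and --if-match must be the ETag that call returned.
ETAG=$(aws cloudfront get-distribution-config --id ABCDEFG1234567 --query ETag --output text)
aws cloudfront get-distribution-config --id ABCDEFG1234567 --query DistributionConfig > config.json
# Edit config.json: in CacheBehaviors or DefaultCacheBehavior, under ForwardedValues, add User-Agent to the Headers list:
# "Headers": {
#   "Quantity": 1,
#   "Items": ["User-Agent"]
# }
aws cloudfront update-distribution --id ABCDEFG1234567 --distribution-config file://config.json --if-match "$ETAG"
```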
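The manual "edit config.json" step can be scripted so the Headers list and its Quantity never drift apart. This is an added example, not code from the original note; the sample response is constructed and heavily trimmed, the ETag is a placeholder, and the function names are hypothetical.

```python
import copy

# Constructed, trimmed get-distribution-config response (real ones carry many more fields).
SAMPLE_RESPONSE = {
    "ETag": "EXAMPLE-ETAG-PLACEHOLDER",
    "DistributionConfig": {
        "DefaultCacheBehavior": {
            "TargetOriginId": "example-alb-origin",
            "ForwardedValues": {
                "QueryString": False,
                "Cookies": {"Forward": "none"},
                "Headers": {"Quantity": 1, "Items": ["Host"]},
            },
        },
    },
}

def split_response(response):
    """Separate the ETag (for --if-match) from the object update-distribution accepts."""
    return response["ETag"], response["DistributionConfig"]

def forward_header(dist_config, header="User-Agent"):
    """Return a copy whose default cache behavior forwards `header` to the origin."""
    cfg = copy.deepcopy(dist_config)
    behavior = cfg["DefaultCacheBehavior"]
    if "ForwardedValues" not in behavior:
        # Behaviors attached to a cache policy carry no ForwardedValues block.
        raise ValueError("no ForwardedValues here; change the cache policy instead")
    headers = behavior["ForwardedValues"].setdefault("Headers", {"Quantity": 0})
    items = list(headers.get("Items", []))
    if "*" in items:
        return cfg  # every header is already forwarded
    if header.lower() not in (h.lower() for h in items):
        items.append(header)
    headers["Items"] = items
    headers["Quantity"] = len(items)  # must stay equal to the number of Items
    return cfg

if __name__ == "__main__":
    etag, config = split_response(SAMPLE_RESPONSE)
    print(etag, forward_header(config)["DefaultCacheBehavior"]["ForwardedValues"]["Headers"])
```

The function is idempotent and leaves its input untouched, so the patched copy can be diffed against the original before it is written to config.json.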
The Comparative Analysis #
| Option | Operational Overhead | Automation Level | Impact on User Experience |
|---|---|---|---|
| A | Low - simple config change | Easy - via console or CLI | Correctly serves device-specific content |
| B | Medium - requires config edits | Moderate complexity | Fixed header sent; device detection broken |
| C | High - infrastructure change | Complex - networking update | No effect on user content rendering |
| D | High - infrastructure change | Complex - multi-service DNS | No effect on user content rendering |
Real-World Application (Practitioner Insight) #
Exam Rule #
“For SOA exams, whenever custom device detection or client differentiation is required behind CloudFront, remember to whitelist and forward User-Agent headers.”
Real World #
“In production, forward only the headers you absolutely must to avoid cache fragmentation. For mobile/desktop detection, User-Agent is the common case, but other headers like Cookie may also need forwarding depending on the application.”
Disclaimer
This is a study note based on simulated scenarios for the SOA-C02 exam.