Cloudfront is a content-delivery network (CDN) that speeds up distribution of content (both static & dynamic) through worldwide network of data-centers called Edge locations providing very less latency and high throughput.
Let's put this in this manner - When we want to buy groceries, we go to our nearest shop to buy it, because we want things as soon as possible. Now this shop has already bought these things from the wholesale market, so whenever we ask for it, they can provide it.
Cloudfront is like this shop which caches the contents which are requested by the user. Whenever someone requests for anything, it provides it from its cache, if it doesn't have then it would get the content from origin (wholesale market) to provide it, and also keep it in cache for future use.
Edge locations
Worldwide Data-centers connected through the AWS backbone network providing less latency and high throughput. Cloudfront sends your distribution configuration and not your content to all of its edge locations.
S3 bucket as origin
We earlier spoke about what cloudfront will do if a user requests for a content that is not present with it. It would then go to the origin to get the content.
S3 bucket can be used as a origin. If our s3 bucket is private, then cloudfront needs to send authenticated requests to s3. We can use OAC (origin access control) / OAI (origin access identity) for securely accessing contents inside s3 bucket. To give access to cloudfront for viewing contents, oac / oai policies must be attached to s3 bucket.
Cloudfront with ALB
Application load balancer can be attached behind cloudfront.
This can reduce latency (because it uses AWS backbone network) and even absorb some DDOS attacks.
Use origin custom headers in cloudfront to add custom HTTP header and value to requests from cloudfront to ALB. Configure ALB rules to only forward requests that contain this HTTP header and value.