CASE 119 · ANCHOR · 2025
Origin Shield, sized to actually pay for itself.
A software distribution company served 14PB/month from CloudFront with origins in S3 across two regions. Cache hit rate at the edge was good (84%); origin fetches were still expensive because they hit S3 from every edge location independently. We added Origin Shield and brought origin fetches down 73%.
Software distribution
COST
2025
RESULTS
What changed, by the numbers.
ORIGIN FETCHES
−73%
EFFECTIVE CACHE HIT RATE
96.4%
S3 + EGRESS BILL
−$22K/mo
p50 LATENCY
−4%
HOW IT WENT
CloudFront has roughly 600 edge locations. Without Origin Shield, a cache miss at any of them goes to origin independently. For a file requested from 50 regions, that’s 50 S3 GETs in a row. Origin Shield consolidates those into one fetch through a chosen regional cache.
We sized Origin Shield in us-east-1 (where most of the S3 origin traffic was anyway) and let CloudFront route edge misses through it. The team’s release shape — a new build downloaded by a million users globally over the first hour — is exactly the workload Origin Shield is built for.
Origin fetch rate dropped 73%. Effective cache hit rate (edge + shield) went from 84% to 96.4%. Net of Shield’s small operational cost, the S3 + egress bill dropped $22k/month. Edge latency improved 4% at p50 because the mid-tier was warmer.
RELATED · SAME DOMAIN
Other engagements in this space.
READY WHEN YOU ARE
Let's get your AWS bill (and architecture) in order.
The discovery call is free. You walk away with at least one concrete idea — even if we never work together.