
Global personalization breaks when every recommendation request crosses Regions or when the real-time ranking pipeline is so tightly coupled that a lagging analytics consumer takes down the user experience. A video, news, or learning platform must deliver assets globally with low latency while personalizing home pages, watchlists, and recommendations across Regions for millions of users.
TL;DR: Keep static delivery on CloudFront and S3, serve personalization through Region-local APIs, store user state in DynamoDB global tables, and stream engagement feedback into Kinesis for asynchronous recommendation refreshes.
Why Naive Solutions Break
Serving all assets and personalization requests from one Region increases latency globally and makes a regional outage visible to users immediately. A single centralized database also forces remote reads and introduces cross-Region dependencies in the hot path.
Architecture Overview
Use CloudFront as the primary edge layer, store media and static assets in S3, expose personalization APIs via API Gateway plus Lambda or ECS, keep user state in DynamoDB global tables, and publish engagement events into Kinesis for recommendation updates. Use EventBridge global endpoints where event publishing continuity matters across Regions.

Service-by-Service Breakdown
- CloudFront: Edge delivery, signed URLs/cookies, origin failover, and cache control.
- S3: Origin for static assets, thumbnails, metadata bundles, and downloadable content.
- API Gateway: Region-local entry point for personalization and session APIs.
- Lambda or ECS: Recommendation-serving and profile APIs, depending on latency and runtime needs.
- DynamoDB global tables: Multi-Region active-active user state such as watchlists, bookmarks, and preference profiles.
- Kinesis: Streams engagement events for near-real-time recommendation refreshes.
- EventBridge global endpoints: Safer cross-Region event ingestion pattern for critical publishers.
- ElastiCache Redis: Regional cache for home-page fragments and high-frequency recommendation candidates.
- CloudWatch and X-Ray: Track origin hit ratio, personalization latency, and Region failover health.
Request Lifecycle and Data Flow
- Users fetch static assets from CloudFront and S3 at the edge.
- Personalization API calls are routed to the nearest healthy Region.
- The application reads hot page fragments from Redis and user state from the local DynamoDB replica.
- The response combines cached recommendations with fresh entitlement or session checks.
- User actions such as play, like, or skip are published to Kinesis.
- Recommendation workers update candidate sets and user models asynchronously.
- Critical domain events can be published through EventBridge global endpoints with event replication enabled for recovery.
Production Code Patterns
Signed CloudFront URL generation for protected media
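```python
import os
from datetime import datetime, timedelta, timezone
from botocore.signers import CloudFrontSigner
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import padding
# Assumed env vars hold the CloudFront key ID and PEM private key; CloudFront requires RSA-SHA1.
key = serialization.load_pem_private_key(os.environ["CF_PRIVATE_KEY"].encode(), password=None)
signer = CloudFrontSigner(os.environ["CF_KEY_ID"], lambda m: key.sign(m, padding.PKCS1v15(), hashes.SHA1()))
asset_id = "example-asset"  # placeholder; use an ID the caller is entitled to
expires = datetime.now(timezone.utc) + timedelta(minutes=10)  # short-lived URL
url = signer.generate_presigned_url(
    f"https://d111111abcdef8.cloudfront.net/media/{asset_id}.m3u8",
    date_less_than=expires,
)
```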
DynamoDB global table update for watchlist state
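```javascript
import { DynamoDBClient } from "@aws-sdk/client-dynamodb";
import { DynamoDBDocumentClient, UpdateCommand } from "@aws-sdk/lib-dynamodb";

const ddb = DynamoDBDocumentClient.from(new DynamoDBClient({}));

// userId must come from the validated token, not from the request body.
export async function addToWatchlist(userId, titleId) {
  await ddb.send(new UpdateCommand({
    TableName: process.env.WATCHLIST_TABLE,
    Key: { pk: `USER#${userId}`, sk: `PROFILE#WATCHLIST` },
    // ADD on a string set is idempotent, so retries do not duplicate titles.
    UpdateExpression: "SET updatedAt = :now ADD titles :titleSet",
    ExpressionAttributeValues: {
      ":now": new Date().toISOString(),
      ":titleSet": new Set([titleId]), // SDK v3 document client marshals a JS Set
    },
  }));
}
```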
Scaling Strategy
- Cache aggressively at CloudFront and Redis to minimize origin load.
- Keep personalization state local to the Region by using DynamoDB global tables and Region-local endpoints.
- Partition Kinesis by user or content ID depending on ordering needs.
- Scale recommendation workers separately from request-serving APIs.
- Avoid cross-Region reads in the hot path except during failover.
Cost Optimization Techniques
- Tune CloudFront TTLs and cache keys carefully to avoid unnecessary origin requests.
- Store only canonical preference data in DynamoDB; keep large derived models in S3.
- Downsample engagement events before expensive downstream indexing when full fidelity is not needed.
- Use S3 lifecycle policies for historical logs and media derivatives.
Security Best Practices
- Use CloudFront signed URLs or signed cookies for protected media.
- Encrypt S3, DynamoDB, and Kinesis with KMS.
- Keep APIs behind WAF and apply per-user token validation.
- Scope IAM permissions by Region and service role to reduce failover blast radius.
Failure Handling and Resilience
- Use multi-Region application endpoints and local DynamoDB replicas.
- Design recommendation refreshes to be eventually consistent so serving can continue during analytics degradation.
- Replicate EventBridge events and make consumers idempotent because event IDs can differ across API calls.
- Fall back to cached or popularity-based recommendations if real-time pipelines lag.
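An added example (not from the original post) of the idempotent consumer that the replication bullet calls for: duplicates are detected from business fields in the event detail rather than from the envelope ID. The `detail` field names, the `DedupeStore` class, and the sample events are assumptions constructed for illustration.

```python
import hashlib
import json
import time
from collections import Counter

class DedupeStore:
    """In-memory stand-in (assumption) for a conditional write with a TTL,
    such as a DynamoDB put guarded by attribute_not_exists on the key."""

    def __init__(self, ttl_seconds=3600):
        self.ttl = ttl_seconds
        self._expiry = {}

    def claim(self, key, now=None):
        """Return True only for the first claim of `key` inside the TTL window."""
        now = time.time() if now is None else now
        if self._expiry.get(key, 0) > now:
            return False
        self._expiry[key] = now + self.ttl
        return True

def dedupe_key(event):
    """Hash producer-set business fields (assumed names); the envelope `id` is
    ignored because it changes between API calls and replicated copies."""
    d = event["detail"]
    stable = [d["userId"], d["titleId"], d["action"], d["clientTs"]]
    return hashlib.sha256(json.dumps(stable).encode()).hexdigest()

def apply_events(events, store, counts):
    """Count each logical engagement once; return the number of duplicates."""
    skipped = 0
    for ev in events:
        if store.claim(dedupe_key(ev)):
            counts[(ev["detail"]["titleId"], ev["detail"]["action"])] += 1
        else:
            skipped += 1
    return skipped

# Constructed sample: one "play" delivered twice under different envelope ids.
SAMPLE = [
    {"id": "a1", "detail": {"userId": "u1", "titleId": "t9", "action": "play", "clientTs": 1700000000}},
    {"id": "b7", "detail": {"userId": "u1", "titleId": "t9", "action": "play", "clientTs": 1700000000}},
    {"id": "a2", "detail": {"userId": "u1", "titleId": "t9", "action": "like", "clientTs": 1700000004}},
]

counts = Counter()
print(apply_events(SAMPLE, DedupeStore(), counts), dict(counts))
```

Two genuine actions with identical fields and the same `clientTs` would collapse into one, so a producer-generated unique key per user action is the safer input to the hash when the client can supply it.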
Trade-offs and Alternatives
Active-active multi-Region improves user experience and resilience, but it raises conflict-resolution complexity and operational cost. Aurora Global Database can work for some personalized metadata, but DynamoDB global tables are usually a cleaner fit for Region-local, low-latency user state.
Real-World Use Case
A Netflix-style streaming service can use this architecture for watchlists, continue-watching rails, and globally distributed content delivery.
Key Interview Insights
- Say clearly that the hot path should stay Region-local.
- Mention consistency trade-offs for active-active user writes.
- Discuss graceful degradation for recommendations.
- Explain why edge caching and data locality matter as much as raw compute scaling.
