An edge location is different from a Region/AZ. It's a place where content is cached.
Origin: the origin of the files the CDN will distribute. Options: EC2 instance, S3 bucket, ELB and Route 53, or non-AWS origin content (it has to be publicly readable).
Distribution is the name of a collection of edge locations. There are three options: use all edge locations (best performance, expensive); use only US, Canada, Europe and Asia; use only US, Canada and Europe (cheapest option).
A Web distribution is used for websites; RTMP is used for media streaming.
Edge locations are not read-only; you can also put an object (file) to an edge location.
Objects are cached for the life of the TTL.
You can clear the cached objects, but you will be charged.
Restrict Viewer Access (Use Signed URLs or Signed Cookies) allows you to serve private content through your web or mobile application and restrict the access to the content.
You can use Web Application Firewall to protect your CloudFront content.
Default Root Object: Optional. The object that you want CloudFront to return (for example, index.html) when a viewer request points to your root URL (http://www.example.com) instead of to a specific object in your distribution (http://www.example.com/index.html), that is, when the user accesses the naked URL.
After creating the CloudFront distribution, you can:
Add more than one origin
Change the behavior, such as getting all PDF files from a particular bucket instead of caching everything, which is the default.
Define a custom error page
Restrict content by geography, by defining a whitelist or blacklist.
Invalidation - To refresh specific content in the cache.
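Added example (not part of the original notes): a small audit that reports which of the controls listed above (WAF, default root object, geo restriction, Restrict Viewer Access) are not in use on a distribution. It assumes the DistributionConfig dictionary shape returned by boto3's get_distribution_config; the function name, the sample config and the list of private path patterns are constructed for illustration.

```python
def audit_distribution(cfg, private_patterns=()):
    """List which controls from the notes are not in use in a DistributionConfig
    dict (the shape boto3's get_distribution_config returns)."""
    findings = []
    # Web Application Firewall: an empty WebACLId means no web ACL is attached.
    if not cfg.get("WebACLId"):
        findings.append("WAF: no web ACL attached")
    # Default root object: if unset, requests for "/" pass to the origin as-is.
    if not cfg.get("DefaultRootObject"):
        findings.append("default root object: not set")
    # Geo restriction: RestrictionType is "none", "whitelist" or "blacklist".
    geo = cfg.get("Restrictions", {}).get("GeoRestriction", {})
    if geo.get("RestrictionType", "none") == "none":
        findings.append("geo restriction: not configured")
    # Restrict Viewer Access: signed URLs/cookies are enforced per cache behavior
    # through TrustedSigners or TrustedKeyGroups.
    behaviors = {"default": cfg.get("DefaultCacheBehavior", {})}
    for b in cfg.get("CacheBehaviors", {}).get("Items", []):
        behaviors[b["PathPattern"]] = b
    for pattern in private_patterns:  # patterns the reviewer expects to be private
        b = behaviors.get(pattern)
        if b is None:
            findings.append(f"{pattern}: no matching cache behavior")
        elif not (b.get("TrustedSigners", {}).get("Enabled")
                  or b.get("TrustedKeyGroups", {}).get("Enabled")):
            findings.append(f"{pattern}: viewer access not restricted")
    return findings

# Constructed sample config, not taken from a real distribution.
SAMPLE = {
    "DefaultRootObject": "",
    "WebACLId": "",
    "Restrictions": {"GeoRestriction": {"RestrictionType": "whitelist",
                                        "Quantity": 2, "Items": ["US", "CA"]}},
    "DefaultCacheBehavior": {"TrustedSigners": {"Enabled": False, "Quantity": 0}},
    "CacheBehaviors": {"Quantity": 2, "Items": [
        {"PathPattern": "/private/*",
         "TrustedKeyGroups": {"Enabled": True, "Quantity": 1}},
        {"PathPattern": "*.pdf",
         "TrustedSigners": {"Enabled": False, "Quantity": 0}},
    ]},
}

if __name__ == "__main__":
    for line in audit_distribution(SAMPLE, ["/private/*", "*.pdf"]):
        print(line)
```

Pass "default" in private_patterns to check the default cache behavior as well.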