by stellar678 4750 days ago
Any ideas on how they accomplish this?

I presume it means that when I upload an SSL cert and associate it with one (or more) CloudFront distributions, Amazon ends up dedicating at least one IP address at every edge location solely to my SSL cert?

I guess the scarcity of IP address space explains the steep pricing? They want you to consider other options before asking to reserve 40 dedicated IP addresses.

2 comments

Unfortunately the documentation doesn't mention how it's implemented (at least I couldn't find anything), but considering the steep pricing, you're probably right with your assumption.

Hopefully they'll be able to switch to Server Name Indication (SNI) in the near future as that would save a lot of IP addresses (and, if that's their biggest cost factor, allow them to lower the price). I think Windows XP is the biggest obstacle w.r.t. SNI, but thankfully XP will be EOL'd soon(ish).

Couldn't they do it with 1 IP and use anycast instead of DNS to route to the edges?
CloudFront doesn't use Anycast for content routing - only the DNS side is Anycast.