How to Create AWS CloudFront Distribution with S3 Origin
Are you looking for step by step instruction on how to create a CloudFront distribution for your S3 bucket?
Are you confused because an S3 bucket and an S3 website get configured differently with CloudFront?
Worry not. In this post, I am going to clear up your confusion, and then walk you through how to create an AWS CloudFront distribution with an S3 origin.
A Bit of Background on CloudFront and S3
As you might already know, CloudFront is a CDN, or content delivery network. It can speed up the distribution of your static or dynamic web content (for example HTML, CSS, images, and JavaScript) to your users.
Before CloudFront can deliver your content to your users at speed, you need to tell it where the files are stored. That location is called the origin.
An origin can be an S3 bucket or any HTTP server, such as an EC2 instance, an Application Load Balancer (ALB), or an S3 static website.
If you want to serve your bucket content as-is, without setting the bucket up as a static website, you use an S3 origin. While creating the distribution you provide the bucket path as the origin domain, which is bucket-name.s3.regionname.amazonaws.com. However, if you would like to use an S3 website, your origin domain would look like bucket-name.s3-website.ap-south-1.amazonaws.com.
With an S3 origin, you can either make your bucket public so that your users can access it via the CloudFront URL, or keep the bucket private and set up OAI (origin access identity) or OAC (origin access control).
For today’s tutorial, to keep things simple I will make the bucket public but will show you where these settings are to set up OAC.
Alright?
Let’s get started.
How to Create AWS CloudFront Distribution with S3 Origin
- Create an S3 Bucket
- Upload a few files into S3 Bucket
- Make Your Bucket Public
- Create a CloudFront Distribution with S3 Origin
- Validate Accessing Your Files via CloudFront
Step 1: Create an S3 Bucket
Login to AWS Management Console. Search for S3 service or click on Services -> Storage -> S3 -> Click to Open
Once you are in the S3 dashboard, click on Create bucket
Provide a unique bucket name and select a region in which your s3 bucket will reside.
Leave the rest of the settings as default and click on Create bucket.
Step 2: Upload a Few Files into S3 Bucket
Click on the bucket name and navigate inside your bucket.
From inside your bucket, click on Upload -> Add files
Select your file and click Upload.
I have uploaded a file diagram.png in the bucket. We’ll try later to access diagram.png from CloudFront.
Step 3: Make Your Bucket Public
At the moment the created bucket is private. Let’s make it public.
Click on the Permissions tab and click Edit in the Block public access (bucket settings) section.
Uncheck Block all public access and click on Save changes.
Enter confirm in the box and click confirm.
This was the first step. Next is to add a bucket policy to make this bucket public.
Stay in the Permissions tab, scroll down to the Bucket policy section and click Edit.
Enter a bucket policy like the one below:
{
  "Version": "2012-10-17",
  "Id": "Policy1640958696038",
  "Statement": [
    {
      "Sid": "Stmt1640958688822",
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::cloudfront-demo-ck/*"
    }
  ]
}
Then click Save changes. Now your bucket is public. If you are using a different bucket name, make sure to change the ARN in Resource, which uses arn:aws:s3:::cloudfront-demo-ck here. Replace cloudfront-demo-ck with your own bucket name and keep the trailing /*, so the Resource reads arn:aws:s3:::bucket-name/*.
Now if you look at the Permissions tab, bucket access is shown as public. That means anybody can read your objects directly from S3, not only through CloudFront.
Let’s try to serve it from CloudFront.
Step 4: Create a CloudFront Distribution with S3 Origin
Search for CloudFront to open the CloudFront service.
Click on the Create a CloudFront distribution button.
In the Origin domain, select your origin file server, which in our case is S3. Once you click in the box, you will see various options, including a list of your S3 buckets. Choose your bucket name.
Under the Amazon S3 origin type, all my buckets are listed. I have selected the cloudfront-demo-ck bucket.
Notice the path name: cloudfront-demo-ck.s3.ap-south-1.amazonaws.com
Leave the origin path blank.
As we discussed earlier, either your bucket needs to be public for CloudFront to be able to access it, or you need to have OAC enabled so that only CloudFront can access your bucket. This is the place in the origin settings where you would set up OAC.
Note: We always recommend using OAC. However, for the simplicity of this tutorial we are going with a public bucket.
Leave everything else at its default for now, scroll down, and click to create the distribution.
Your distribution is created. It takes some time for it to be set up and active.
Step 5: Validate Accessing Your Files via CloudFront
Remember we uploaded diagram.png to our bucket. So how do we access it from CloudFront?
Enter the URL in your browser as https://<CloudFront-Domain>/<file-name>
which in this case is https://d2qsf4u4m24m41.cloudfront.net/diagram.png
And voila, as you would expect, diagram.png shows up in the browser.
That means you have successfully set up your CloudFront distribution with an S3 origin.
If your S3 bucket is not public and CloudFront does not have access to the bucket via OAI or OAC, you will get an error instead.
In that case your CloudFront distribution returns AccessDenied. Fix the permission issue and things will work fine for you.
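For the OAC route recommended in Step 4, the bucket policy grants s3:GetObject to the CloudFront service principal only, pinned to one distribution, instead of to everyone. The following is an added example, not part of the original post: a small Python check that tells the Step 3 public policy apart from an OAC-style policy. The OAC policy, the account ID 111122223333 and the distribution ID EXAMPLEDISTID are constructed placeholders.

```python
# Step 3 policy from this post: every principal may read every object.
PUBLIC_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Sid": "Stmt1640958688822", "Effect": "Allow", "Principal": "*",
                   "Action": "s3:GetObject",
                   "Resource": "arn:aws:s3:::cloudfront-demo-ck/*"}],
}
# Constructed OAC-style policy; account and distribution IDs are placeholders.
OAC_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Sid": "AllowCloudFrontServicePrincipalReadOnly", "Effect": "Allow",
                   "Principal": {"Service": "cloudfront.amazonaws.com"},
                   "Action": "s3:GetObject",
                   "Resource": "arn:aws:s3:::cloudfront-demo-ck/*",
                   "Condition": {"StringEquals": {"AWS:SourceArn":
                       "arn:aws:cloudfront::111122223333:distribution/EXAMPLEDISTID"}}}],
}

def as_list(value):
    return value if isinstance(value, list) else [value]

def source_arns(stmt):
    """Collect AWS:SourceArn values from the statement's conditions (key is case-insensitive)."""
    found = []
    for operator, pairs in stmt.get("Condition", {}).items():
        if operator in ("StringEquals", "ArnEquals", "ArnLike"):
            for key, value in pairs.items():
                if key.lower() == "aws:sourcearn":
                    found += as_list(value)
    return found

def audit(policy):
    """Classify each Allow statement as a (Sid, verdict) pair."""
    findings = []
    for stmt in as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        principal, sid = stmt.get("Principal"), stmt.get("Sid", "<no Sid>")
        is_dict = isinstance(principal, dict)
        if principal == "*" or (is_dict and "*" in as_list(principal.get("AWS", []))):
            # Anyone on the internet; a Condition may narrow it, so report that separately.
            findings.append((sid, "PUBLIC_CONDITIONAL" if stmt.get("Condition") else "PUBLIC"))
        elif is_dict and "cloudfront.amazonaws.com" in as_list(principal.get("Service", [])):
            # Without a pinned SourceArn, any CloudFront distribution could read the bucket.
            arns = source_arns(stmt)
            pinned = bool(arns) and all(":distribution/" in a and "*" not in a for a in arns)
            findings.append((sid, "CLOUDFRONT_ONLY" if pinned else "CLOUDFRONT_UNSCOPED"))
    return findings

if __name__ == "__main__":
    for name, policy in (("public", PUBLIC_POLICY), ("oac", OAC_POLICY)):
        print(name, audit(policy))
```

With an OAC-style policy in place, Block all public access can stay enabled on the bucket, and a direct request to the S3 URL is denied while the CloudFront URL keeps working.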
Conclusion
In this post we discussed CloudFront distributions and the various origin servers they support. We then learnt how to create an AWS CloudFront distribution with an S3 origin.
We uploaded a file to an S3 bucket and validated that we could access it via CloudFront. We also saw what happens if CloudFront doesn’t have access to your bucket.
Hope the post was useful to you. If you have any questions, feel free to drop them in the comment section.