How to Set Up AWS CloudFront with S3 for Content Delivery

ByAkrur Neupane Hours Updated on Categories Networking, System Administration

In today’s online world, it’s crucial to make sure your website loads quickly and reliably for a smooth experience. Amazon Web Services (AWS) provides a powerful tool called AWS CloudFront, to help you achieve this. AWS CloudFront is a Content Delivery Network (CDN) service designed to distribute content globally with low latency and high data transfer speeds. 

In this article, I will show you how to use this distribution service to make your website faster and more available when you’re serving a website through an S3 bucket. By following these steps, you can significantly enhance your website’s performance and availability.

The architecture diagram of our article

Let’s dive into each step and explore basics and advanced configurations to further optimize your content delivery.

Prerequisites

Before you start the setup process, ensure you have the following:

An AWS account with the necessary permissions to create and manage cloud resources.

A registered domain name or access to DNS settings.

Web content stored in an S3 bucket.

Step 1: Creating an S3 Bucket and Hosting a static website on S3 

Log in to your AWS Management Console.

Navigate to the S3 (Simple Storage Service) section.

Accessing S3 

Click on the “Create bucket” button.

Creating a S3 bucket

Provide a unique and descriptive bucket name following S3 naming conventions. (The bucket name must be unique, so I would suggest you start with your full name/company name so it can be unique.)

Choose a region for your S3 bucket, ideally one closest to your target audience.

Giving a bucket name and selecting a region

Leave all the things as default. (Don’t make it public as we are using CloudFront distribution to access these buckets.)

Click “Create bucket”.

Finishing creating a bucket

Step 2: Uploading Content to Your S3 Bucket

Select your S3 bucket from the dashboard.

Click on the “Upload” button to add your static web assets (e.g., HTML files, and images).

Uploading objects in S3 bucket 

Click on “Add files” if you have only files (just HTML and CSS) but if you have build files (e.g. React or Next) you can click on “Add folder” and upload the files or folder. 

Adding files in the S3 bucket

Click on the “Upload” button.

Step 3: Creating an AWS CloudFront Distribution for the S3 bucket

Go to the AWS CloudFront console.

Accessing the CloudFront page

Click on the “Create a CloudFront distribution” button.

On the Origin domain select the S3 bucket that we have created. 

Selecting the S3 bucket that we have created. 

In the Origin access select “Origin access control settings.”

Now click on “Create control setting.”

Creating Origin Access Control

It’s recommended to configure the S3 bucket to restrict access to only CloudFront. In this setup, CloudFront acts as a security layer in front of the S3 bucket, and direct access to the S3 bucket is blocked.

Give the name and description. I am leaving it as default.

Click on “Create.”

Creating control setting

Leave all the things as default for now.

In the Web Application Firewall (WAF), disable the security protection. (You can enable it if you need.) 

Choosing not to enable security protections

In the default root object, add your default root object file name. In my case it’s index.html. 

Adding default root object

Click on “Create distribution.” 

You can see the notification that our S3 bucket policy needs to be updated.

Warning message to update the S3 bucket policy

Copy the policy first. 

Click on “Go to S3 bucket permission to update policy.” 

Copying the S3 policy

It will open up the S3 bucket policy. 

Scroll down a bit and click on “Edit” under bucket policy. 

Accessing the bucket policy section 

Paste the policy that you have copied from CloudFront. 

Pasting the S3 bucket policy 

And click on “Save changes.” 

Our bucket policy has been successfully edited.

Successfully edit policy message

Go back to the CloudFront.

Make sure that your “Last modified” is changed from “Deploying” to the date and time. 

Copy the distribution domain name. 

Copying the distribution domain name 

Access your static website from the CloudFront distribution name.

Accessing the website through a distribution domain name 

The files and images will now be distributed from the platform cache, not from the S3 bucket. 

Step 4: Setting up a custom domain name for CloudFront 

Go to your CloudFront distribution. 

Click on “Edit” in the general tab. 

Editing the settings of our distribution 

Click on “Add item” in the alternate domain name section. 

Adding the CNAME (Alternate domain name) for the CloudFront distribution 

(You can also do this step while configuring the CloudFront distribution at the beginning)

Enter your domain or subdomain name. 

Choose the certificate from your AWS Certificate Manager (ACM). 

Selecting the SSL certificate from the ACM

If you haven’t got a certificate, then click on “Request a certificate” and issue the certificate for your domain from ACM.

Requesting an ACM certificate 

Now click on “Save changes.” 

Saving Cert Changes

Now go to Route 53.

Select your hosted zone for the domain.

Click on “Create Record.”

Creating a Route 53 record

Add the subdomain name if you have added a subdomain on the CNAME in CloudFront or if you have added a root domain then leave it as empty. In my case, I have added a subdomain so I will add “S3” to the record name. 

Adding route 53 dns A record 

Select the “Alias.”

In the Route Traffic section, select “Alias to CloudFront distribution” in the endpoint. 

Select the destination to the above-created CloudFront distribution. 

Selecting a CloudFront distribution that we have created 

Click on “Create records.” 

Wait for the status to be INSYNC.

Now you can access your S3 bucket from the domain name through CloudFront distribution. 

Accessing the website through a domain name 

Step 4: Advanced configuration on AWS CloudFront

Cache invalidation in CloudFront

Cache invalidation keeps your website fresh and accurate for a seamless user experience. It is a process for ensuring that the newest website content reaches users quickly. It lets you remove specific files from CloudFront’s cache before they naturally expire. This is useful for updating content like images or urgent fixes, ensuring timely promotions, or displaying personalized user content. To utilize cache invalidation do the following:

Log in to your AWS Management Console.

Go to the AWS CloudFront console.

Select your CloudFront distribution.

In the distribution settings, navigate to the “Invalidations” tab.

Click on the “Create Invalidation” button.

Creating an invalidation

Add the object paths. 

Adding the object paths

Invalidation paths allow you to specify which content should be invalidated. For example, if you want to invalidate all files under a directory named “images,” you would enter /images/* or you can invalidate all files (*). 

Geographic Restrictions

You can restrict who can access your distribution. It has mainly two types of restriction.

  • Allowlist: It will allow the users to access the content only if they are in one of the countries on a list of approved countries. 
  • Blocklist: It will prevent the users from accessing the content if they are in one of the countries on a list of banned countries. 

To set up a geo restriction, do the following:

Select your CloudFront distribution.

In the distribution settings, navigate to the “Geographic Restrictions” tab.

Click on “Edit.”

Accessing the geographic restrictions 

Select either “Allow list” or “Block list”.  I am going to block the users from the USA, so select “Block list.”

Choose the countries to add to the block list. 

Adding geo restriction 

Click on “Save changes.” 

Now users from the USA cannot access this distribution. 

Error while accessing the website from the USA

Recommended Tool: ManageEngine OpManager

  • Multi-vendor Network Monitoring
  • Simple Installation & Setup
  • Intuitive UI
  • Complete Visibility
  • Intelligent Detections
  • Easy Resolutions

Avatar

Cloud Architect

I'm a Cloud Architect with experience in AWS services, Docker, Git, Github Actions, YAML, Ansible, Jenkins, Linux, and other DevOps tools. I specialize in building and managing scalable infrastructure solutions, automating processes, and implementing CI/CD practices.

Leave a Reply

Your email address will not be published. Required fields are marked *