How to Quickly Set Up AWS CloudFront Distribution for ALB & EC2
In this tutorial, I’ll cover how you can use Amazon Web Services (AWS) CloudFront, a super-fast content delivery network (CDN), to make your website perform better and be highly available to users everywhere. Whether you’re hosting a website on an Elastic Compute Cloud (EC2) server or using Application Load Balancers (ALBs), I will provide simple, step-by-step instructions to help you create a great experience for your site visitors worldwide.


Prerequisites
Before you start the setup process, ensure you have the following:
- AWS account: An account with the necessary permissions to create and manage resources.
- EC2 Instances: A website or service hosted on existing EC2 instances that you want to accelerate.
- ALB: An Application Load Balancer that is running with a target group.
- Domain and DNS Control: Access to the domain for the website you wish to accelerate, and the ability to configure DNS records.
- SSL/TLS Certificate (if needed): If you want to enable HTTPS for your website, you should have an SSL/TLS certificate ready or be prepared to create one using AWS Certificate Manager.
Setting up CloudFront distribution for EC2
If you put a CloudFront distribution in front of EC2 instances, the instances must be in a public subnet. Otherwise, edge locations cannot reach the EC2 instances, because there is no private VPC connectivity in CloudFront.
Step 1: Creating an EC2 Instance
Navigate to the EC2 dashboard.
Click on “Launch Instances” to create a new EC2 instance.
Follow the instance creation wizard, selecting your preferred Amazon Machine Image (AMI), instance type, and other configurations.
Ensure that your EC2 instance is running and has a public DNS name.
Also, ensure that your instance's security group has inbound rules for HTTP and HTTPS.
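Because the instance sits in a public subnet, the source of those HTTP and HTTPS rules decides whether clients can bypass CloudFront and hit the instance directly. The following check is an added example, not part of the original tutorial: it classifies web-port ingress in the `IpPermissions` shape returned by `aws ec2 describe-security-groups`. The sample group and the prefix-list ID `pl-EXAMPLE` are constructed placeholders; the real ID is the region's AWS-managed `com.amazonaws.global.cloudfront.origin-facing` prefix list.

```python
# Added example (not from the original tutorial): audit the inbound rules of
# the origin instance's security group. The input uses the IpPermissions shape
# returned by `aws ec2 describe-security-groups`.
WEB_PORTS = (80, 443)
ANYWHERE = {"0.0.0.0/0", "::/0"}


def audit_origin_ingress(security_group, cloudfront_prefix_list_id):
    """Classify web-port ingress: world-open, CloudFront-only, or other."""
    report = {"world_open": set(), "cloudfront_only": set(), "other_sources": set()}
    for perm in security_group.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        if proto == "-1":                      # "all traffic" covers every port
            ports = set(WEB_PORTS)
        elif proto == "tcp":
            lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
            ports = {p for p in WEB_PORTS if lo <= p <= hi}
        else:
            continue
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        prefix_lists = [r["PrefixListId"] for r in perm.get("PrefixListIds", [])]
        groups = perm.get("UserIdGroupPairs", [])
        for port in ports:
            if any(c in ANYWHERE for c in cidrs):
                report["world_open"].add(port)
            if any(c not in ANYWHERE for c in cidrs) or groups or any(
                    pl != cloudfront_prefix_list_id for pl in prefix_lists):
                report["other_sources"].add(port)
            if cloudfront_prefix_list_id in prefix_lists:
                report["cloudfront_only"].add(port)
    # A port only counts as CloudFront-only if nothing else can reach it.
    report["cloudfront_only"] -= report["world_open"] | report["other_sources"]
    return {k: sorted(v) for k, v in report.items()}


# Constructed sample: port 80 open to the world, port 443 limited to the
# placeholder prefix-list ID, port 22 from a documentation-range CIDR.
SAMPLE_SG = {"GroupId": "sg-EXAMPLE", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "PrefixListIds": [{"PrefixListId": "pl-EXAMPLE"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.0/24"}]},
]}

if __name__ == "__main__":
    print(audit_origin_ingress(SAMPLE_SG, "pl-EXAMPLE"))
```

Any port listed under `world_open` is reachable without going through the distribution, so WAF rules and viewer protocol settings applied at CloudFront do not protect it.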

Step 2: Create an SSL/TLS Certificate (if you don’t have one)
Go to the AWS Certificate Manager (ACM) service.
Click “Request a certificate” and follow the process to request a public SSL/TLS certificate for your domain.
Complete the validation process to get the certificate.

Step 3: Creating and Configuring a CloudFront Distribution for EC2
Navigate to the CloudFront service in the AWS Management Console.

Click “Create Distribution.”

(In the “Web” section, click “Get Started.”)
Step 4: Configure CloudFront Distribution
Enter your EC2 instance’s public DNS name (e.g., ec2-public-dns.amazonaws.com) as the “Origin Domain Name.”
In the Protocol Policy, select “HTTP Only” if you want to use HTTP. Otherwise, choose “HTTPS Only,” but make sure that your EC2 instance accepts HTTPS traffic.

Leave the “Origin Path” empty.
Leave the other settings as default or configure them based on your requirements.
In the Default Cache Behavior Settings, choose “Redirect HTTP to HTTPS” to ensure secure connections (if you have an SSL/TLS certificate). Otherwise, select “HTTP and HTTPS.”
If you have a dynamic web application, in the Allowed HTTP methods select “GET, HEAD, OPTIONS, PUT, POST, PATCH, DELETE.”
Leave the other settings as default or configure them based on your requirements.

In the Cache key and origin requests section, I have chosen to disable the cache. If you want to use caching, you can configure it based on your requirements.

Select “Do not enable security protections.” (If you want to enable them, you can do that.)
In Settings, choose “Price Class” based on your target audience (e.g., “Use All Edge Locations” for global reach).

In the alternate domain name (CNAME) field, add your domain/subdomain name.
Choose your ACM SSL/TLS certificate for the names entered in the “Alternate Domain Names (CNAMEs)” field.

Click “Create Distribution” to create your CloudFront distribution.
Wait until “Last modified” changes from “Deploying” to a date and time.

Copy the distribution domain name.
Access your website using the CloudFront distribution domain name.

Step 5: Setting up a custom domain name for CloudFront (EC2)
Go to Route 53.
Select your hosted zone for the domain.
Click on “Create Record.”

If you added a subdomain as the CNAME in CloudFront, enter the subdomain name; if you added the root domain, leave the record name empty. In my case, I have added a subdomain, so I will add “ec2” to the record name.

Select “Alias.”
In the Route Traffic section, select “Alias to CloudFront distribution” as the endpoint.
For the destination, select the CloudFront distribution created above.

Click on “Create records.”
Wait for the status to be INSYNC.
Now you can access your EC2 instance from the domain name through the CloudFront distribution.

Setting up CloudFront distribution for ALB
Prerequisites
- An Application Load Balancer (ALB) and associated target EC2 instances.
Step 1: Create an Application Load Balancer (ALB)
Navigate to the EC2 service.
Click on “Load Balancers” in the left navigation pane.
Click the “Create Load Balancer” button.
Choose “Application Load Balancer.”
Configure your ALB settings, including listeners, security groups, and target groups.
Make sure that your load balancer has both HTTP and HTTPS listeners (if you only want HTTP requests, you can use just that listener). If you want to forward HTTP requests to HTTPS, you can also add that listener.

Complete the wizard to create your ALB. Note the ALB’s DNS name (e.g. my-alb-1234567890.us-east-1.elb.amazonaws.com).

Step 2: Create an SSL/TLS Certificate (if needed)
Go to the AWS Certificate Manager (ACM) service in the AWS Management Console.
Click “Request a certificate” and follow the wizard to request a public SSL/TLS certificate for your domain.
Complete the validation process to get the certificate.

Step 3: Creating a CloudFront Distribution for ALB
Navigate to the CloudFront service in the AWS Management Console.

Click “Create Distribution.”

(In the “Web” section, click “Get Started.”)
Step 4: Configure CloudFront Distribution
In “Origin Domain Name,” select your Application Load Balancer.
In the Protocol Policy, select “HTTP Only” if you want to use HTTP. Otherwise, choose “HTTPS Only.”

Leave the “Origin Path” empty.
Leave the other settings as default or configure them based on your requirements.
In the Default Cache Behavior Settings, choose “Redirect HTTP to HTTPS” to ensure secure connections (if you have an SSL/TLS certificate). Otherwise, select “HTTP and HTTPS.”
If you have a dynamic web application, in the Allowed HTTP methods select “GET, HEAD, OPTIONS, PUT, POST, PATCH, DELETE.”
Leave the other settings as default or configure them based on your requirements.

In the Cache key and origin requests section, I have chosen to disable the cache. If you want to use caching, you can configure it based on your requirements.

Select “Do not enable security protections.” (If you want to enable them, you can do that.)
In Settings, choose “Price Class” based on your target audience (e.g., “Use All Edge Locations” for global reach).
In the alternate domain name (CNAME) field, add your domain/subdomain name.
Choose your ACM SSL/TLS certificate for the names entered in the “Alternate Domain Names (CNAMEs)” field.

Click “Create Distribution” to create your CloudFront distribution.
Wait until “Last modified” changes from “Deploying” to a date and time.
Copy the distribution domain name.
Access your static website using the CloudFront distribution domain name.
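Step 4 in both the EC2 and the ALB sections offers several choices with security consequences: “HTTP Only” versus “HTTPS Only” toward the origin, “HTTP and HTTPS” versus “Redirect HTTP to HTTPS” for viewers, and “Do not enable security protections.” The following check is an added example, not part of the original tutorial: it reports which of those choices a distribution ended up with, reading the `DistributionConfig` shape returned by `aws cloudfront get-distribution-config`. The finding codes, the `sample_config` helper, and all names and ARNs in it are constructed for illustration.

```python
# Added example (not from the original tutorial): check a distribution's
# settings against the choices offered in Step 4. The input uses the
# DistributionConfig shape returned by `aws cloudfront get-distribution-config`.
WRITE_METHODS = {"PUT", "POST", "PATCH", "DELETE"}


def audit_distribution(config):
    """Return a sorted list of finding codes for a DistributionConfig dict."""
    findings = set()
    behavior = config.get("DefaultCacheBehavior", {})
    viewer_policy = behavior.get("ViewerProtocolPolicy")
    if viewer_policy == "allow-all":            # console: "HTTP and HTTPS"
        findings.add("VIEWER_HTTP_ALLOWED")
    for origin in config.get("Origins", {}).get("Items", []):
        custom = origin.get("CustomOriginConfig") or {}
        policy = custom.get("OriginProtocolPolicy")
        if policy == "http-only":               # console: "HTTP Only"
            findings.add("ORIGIN_CLEARTEXT")
        elif policy == "match-viewer" and viewer_policy == "allow-all":
            findings.add("ORIGIN_CLEARTEXT_POSSIBLE")
    methods = set(behavior.get("AllowedMethods", {}).get("Items", []))
    if not config.get("WebACLId"):              # no AWS WAF web ACL attached
        findings.add("NO_WAF_WITH_WRITE_METHODS" if methods & WRITE_METHODS
                     else "NO_WAF")
    cert = config.get("ViewerCertificate", {})
    has_cert = cert.get("ACMCertificateArn") or cert.get("IAMCertificateId")
    if config.get("Aliases", {}).get("Quantity", 0) and not has_cert:
        findings.add("ALIAS_WITHOUT_CUSTOM_CERT")
    return sorted(findings)


def sample_config(origin_policy, viewer_policy, web_acl_id=""):
    """Constructed config; every name and ARN here is a placeholder."""
    return {
        "Aliases": {"Quantity": 1, "Items": ["alb.example.com"]},
        "Origins": {"Quantity": 1, "Items": [{
            "Id": "origin-1", "DomainName": "origin.example.com",
            "CustomOriginConfig": {"OriginProtocolPolicy": origin_policy}}]},
        "DefaultCacheBehavior": {
            "TargetOriginId": "origin-1",
            "ViewerProtocolPolicy": viewer_policy,
            "AllowedMethods": {"Quantity": 7, "Items": [
                "GET", "HEAD", "OPTIONS", "PUT", "POST", "PATCH", "DELETE"]}},
        "ViewerCertificate": {
            "ACMCertificateArn":
                "arn:aws:acm:us-east-1:111122223333:certificate/EXAMPLE"},
        "WebACLId": web_acl_id,
    }
```

`ORIGIN_CLEARTEXT` means requests travel unencrypted between the edge and the origin even when viewers connect over HTTPS.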

Step 5: Setting up a custom domain name for CloudFront (ALB)
Go to Route 53.
Select your hosted zone for the domain.
Click on “Create Record.”

If you added a subdomain as the CNAME in CloudFront, enter the subdomain name; if you added the root domain, leave the record name empty. In my case, I have added a subdomain, so I will add “alb” to the record name.

Select “Alias.”
In the Route Traffic section, select “Alias to CloudFront distribution” as the endpoint.
For the destination, select the CloudFront distribution created above.

Click on “Create records.”
Wait for the status to be INSYNC.
Now you can access your ALB from the domain name through the CloudFront distribution.
