How to Create CloudFront Distribution in Amazon Web Services (AWS)

Technical

How to Create CloudFront Distribution in Amazon Web Services (AWS)

by KarthikLeave a Comment on How to Create CloudFront Distribution in Amazon Web Services (AWS)

What is CloudFront?

CloudFront is amazons web services which stores the content such as html, CSS, scripts, images etc. in worldwide network of data centers called edge locations, this will serve the static and dynamic web content very fast and quickly. Contents will be served to your browser from nearby edge locations to your region.

Steps to Create New CloudFront

You should have AWS account to create new CloudFront. Login to AWS console using your credential,

https://console.aws.amazon.com/console/home

You can find all the Services. Under Networking & Content Delivery tab you find CloudFront.

Or You can search the service using the name,

Once CloudFront opened, you find the page like below,

Here you can create new CloudFront Distribution, using Create Distribution button.

Then select the delivery method of your content going to serve.

Here Im chossing delivery method as Web.

Purpose of creating a web distribution if you want to:

  • To speed up the distribution of static and dynamic content, for example, HTML, CSS, Scripts, and Images.
  • Distribute media files using HTTP or HTTPS.
  • Add, update, or delete objects, and submit data from web forms.
  • Use live streaming to stream an event in real time.

Note:

You should store your files in an origin. This origin will be either an Amazon S3 bucket or a web server. You can add more origins to your distribution only after you have created the distribution.

Origin Releated Fields:

Origin Name: This will be S3 bucket name. This will show the available buckets in dropdown, you can select the bucket name which you want to serve in CloudFront.

Here, I have chosen the origin Name as “testbucket.s3.amazonaws.com”. It is an existing S3 Bucket in AWS.

Origin Path: It’s an optional. I left it as empty. If you want CloudFront to request your content from a directory in your Amazon S3 bucket or your custom origin, enter the directory name here, beginning with a /. CloudFront appends the directory name to the value of Origin Domain Name when forwarding the request to your origin,

For example, mybucket/production. Do not include a / at the end of the directory name.

Origin ID: This will be set automatically once you selected Origin Name. You can change as you desire. This value lets you distinguish multiple origins in the same distribution from one another. The description for each origin must be unique within the distribution.

Here origin id I set “S3-testbucket”

Restrict Bucket Access: By default, it will be No.If you want to require that users always access your Amazon S3 content using CloudFront URLs, not Amazon S3 URLs, click Yes. This is useful when you are using signed URLs or signed cookies to restrict access to your content.

Origin Custom Headers: The custom header keys and values you give here will be included in every request to this origin. If a header was already supplied in the client request, it is overridden.

I have left it as empty.

Default Cache Behavior Settings

You can moslty keep all the default cache settings as it is. No need to change anything except few like protocol policy in case of your need.

Path Pattern : The default cache behaviour only allows a path pattern of * (forward all requests to the origin specified by Origin). To change the behaviour or the routing for other requests (for example, *.jpg), add more cache behaviours after you create the distribution.

Viewer Protocol Policy: To allow viewers to access your web content using either HTTP or HTTPS, specify HTTP and HTTPS. To redirect all HTTP requests to HTTPS, specify Redirect HTTP to HTTPS. If you want CloudFront to require only HTTPS, specify HTTPS Only, this will not allow HTTP requests.

Allowed HTTP Methods: Select the list of HTTP methods you want to allow for this cache behaviour

Field-level Encryption Config: Field-level Encryption configuration from private content

Cached HTTP Methods: Select the list of HTTP methods you want to cache for this cache behaviour.

Cache Based on Selected Request Headers: Select whether you want CloudFront to cache your objects based on header values.

Object Caching: Use Origin Cache Headers if your origin server is adding a Cache-Control header to control how long your objects stay in the CloudFront cache. Select Customize to specify a minimum time that objects stay in the CloudFront cache regardless of Cache-Control headers.

Minimum TTL: The minimum amount of time, in seconds, that you want objects to stay in CloudFront caches before CloudFront forwards another request to your origin to determine whether the object has been updated.

Maximum TTL: The maximum amount of time, in seconds, that you want objects to stay in CloudFront caches before CloudFront forwards another request to your origin to determine whether the object has been updated.

Default TTL: The default amount of time, in seconds, that you want objects to stay in CloudFront caches before CloudFront forwards another request to your origin to determine whether the object has been updated.

Note: The TTL value that you specify applies only when your origin does not add HTTP headers such as Cache-Control max-age, Cache-Control s-max-age, and Expires to objects.

Forward Cookies: You can select CloudFront to include all user cookies in the request URLs that it forwards to your origin (All), only selected cookies (Whitelist), or no cookies (None). If you select Whitelist, add the names of the cookies to the Whitelist Cookies field.

Query String Forwarding and Caching: You can choose the query string parameters you want CloudFront to forward to the origin (all or none).

Restrict Viewer Access (Use Signed URLs or Signed Cookies): You can restrict the users to access your content using a signed URL or a signed cookie.

Compress Objects Automatically: You can use this to compress the content automatically, this will work based on Accept-Encoding: gzip request header.

Distribution Settings

Alternate Domain Names (CNAMEs): You must list any custom domain names (for example, testbucket.yourdomain.com) that you use in addition to the CloudFront domain name (for example, d1234.cloudfront.net) for the URLs for your files. You can specify up to 100 CNAMEs separated with commas or put each on a new line.

Note: You also must create a CNAME record mapping to your custom domain with CloudFront domain in your DNS provider portal like testbucket.yourdomain.com to d1234.cloudfront.net.

SSL Certificate: We have two option here,

Default CloudFront Certificate (*.cloudfront.net) – Choose this option if you want your users to use HTTPS or HTTP to access your content with the CloudFront domain name

Example: https://d1234.cloudfront.net/logo.jpg

Custom SSL Certificate (yourdomain.com) – Choose this option if you want your users to access your content by using an you own domain name,

Example: https://testbucket.yourdomain.com/logo.jpg

Note: You need to upload your certificate to Certificate Store, then only available certificates will be listed here. Check out the blog to upload the custom server certificate to IAM certificate store.

How to Upload SSL certificate to Amazon Web Service(AWS) IAM using command line interface

Custom SSL Client Support: Clients that Support Server Name Indication (SNI) – (Recommended) – CloudFront serves your content over HTTPS to clients that support SNI.

Security Policy: Choose the security policy that you want CloudFront to use for HTTPS connections. Chose recommended one TLSv1.1_2016.

Supported HTTP Versions: HTTP/2, HTTP/1.1, HTTP/1.0. Chose the option with HTTP/2 protocol.

Default Root Object: It’s an optional. The object that you want CloudFront to return (for example, index.html) when a viewer request points to your root URL (http://testbucket.yourdomain.com) instead of to a specific object in your distribution (http:// testbucket.yourdomain.com/index.html).

Logging: Select whether you want CloudFront to log all viewer requests for files in your distribution. Note: Charges applied to access logs.

Enable IPv6: IPv6 is a new version of the IP protocol; it’s the successor to IPv4 and uses a larger address space. In general, you should enable IPv6 if you have users on IPv6 networks who want to access your content.

Comment: It’s an optional. Any comment about the distribution.

Distribution State: When the distribution is enabled, CloudFront processes viewer requests for the content associated with this distribution. When the distribution is disabled, CloudFront does not accept any requests for the content associated with this distribution.

He is a product manager at a reputed software company and a freelance blog writer. He is experienced in different technologies, web securities, and web applications. He keeps learning and make himself up to date on the latest technologies, news, health, and fitness. This encouraged him to share his experiences by writing articles.

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Posts

Back To Top
%d bloggers like this: