Set Up Amazon CloudFront Distribution For S3 Origin

In this article, we will see how to set up an Amazon CloudFront distribution with S3 buckets.
The following topics are covered:
  • Introduction to Amazon CloudFront
  • Creating an S3 bucket to store contents
  • Creating an S3 bucket to store access logs
  • Setting up CloudFront Distribution

Introduction to Amazon CloudFront

Amazon CloudFront is a CDN service that delivers data/content securely to its consumers globally with very low latency and at high speed.
Content delivery networks provide a globally distributed network that caches content (for example videos, images, JS, CSS, or other bulky media) closer to consumers and thus improves access speed for that content.
CloudFront delivers content through a global network of data centers called edge locations. Whenever a user requests content that is served by CloudFront, the request is routed to the edge location that provides the lowest latency (time delay), so that the requested content is delivered in the shortest time and with the highest performance.
If the content already resides in the edge location, it is served to the user immediately. If not, the request goes to the origin, such as your HTTP server or an S3 bucket, and the content is served from there. The subsequent requests thereafter will be served from CloudFront only.
Now that we have understood the basics, let's quickly create the S3 buckets.

Creating an S3 bucket to store contents

To do so, we go to the AWS console, select the S3 service, and create the bucket.
We have used the default settings and blocked public access, so that the content inside the S3 bucket is not directly accessible to the public.
We can see that our bucket cloudfront.demo-bucket has been created successfully. Now, let's add some data/content to the bucket. We have added 4 images to it.

Creating an S3 bucket to store access logs

Since we will also be storing the CloudFront access logs, let's create one more bucket to hold them.
The process for this is the same as we discussed already and we named this bucket as So far we have 2 S3 buckets ready.

Setting up CloudFront Distribution

Let's set up the CloudFront distribution now.
Go to the AWS Console and search for CloudFront.
Click on Get Started; this opens the window for creating a Web distribution.
Changes in the distribution Origin settings:
  • For the origin domain name, specify the S3 domain of the bucket we created and uploaded the images to.
  • Restrict bucket access, because we want users to always access our S3 content through the CloudFront URL and not through Amazon S3 URLs.
  • Grant read permissions on the S3 bucket so that CloudFront can access the objects in your Amazon S3 bucket.
  • Create a new identity, so that users always access your Amazon S3 content using CloudFront URLs.
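The bucket policy these origin settings amount to, with a check that nothing other than the CloudFront identity is allowed to read the bucket. This is an added example, not taken from the original article; the identity ID `EXAMPLEOAIID` is a placeholder and the function names are hypothetical.

```python
import json

BUCKET = "cloudfront.demo-bucket"  # content bucket from the article
OAI_ID = "EXAMPLEOAIID"            # placeholder, not a real identity ID
OAI_ARN = ("arn:aws:iam::cloudfront:user/"
           f"CloudFront Origin Access Identity {OAI_ID}")

def oai_read_policy(bucket, oai_arn):
    """Bucket policy that lets only the given identity read objects."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "AllowCloudFrontRead",
            "Effect": "Allow",
            "Principal": {"AWS": oai_arn},
            "Action": "s3:GetObject",
            "Resource": f"arn:aws:s3:::{bucket}/*",
        }],
    }

def _principals(stmt):
    """Flatten the Principal element, which may be '*' or a dict of lists."""
    p = stmt.get("Principal", {})
    if isinstance(p, str):
        return [p]
    out = []
    for value in p.values():
        out.extend([value] if isinstance(value, str) else value)
    return out

def audit_policy(policy, oai_arn):
    """List Allow statements that open the bucket to anyone but the identity."""
    stmts = policy.get("Statement", [])
    findings = []
    for stmt in [stmts] if isinstance(stmts, dict) else stmts:
        if stmt.get("Effect") != "Allow":
            continue
        for principal in _principals(stmt):
            if principal == "*":
                findings.append(f"{stmt.get('Sid', '?')}: public principal '*'")
            elif principal != oai_arn:
                findings.append(f"{stmt.get('Sid', '?')}: unexpected {principal}")
    return findings

if __name__ == "__main__":
    policy = oai_read_policy(BUCKET, OAI_ARN)
    print(json.dumps(policy, indent=2))
    print(audit_policy(policy, OAI_ARN) or "only CloudFront can read the bucket")
```
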
Changes in the distribution Cache behavior settings:
  • Select redirection from HTTP to HTTPS.
  • We will go with the default cache policy, where the TTL (Time To Live) is 86400 seconds, i.e. 24 hours.
Changes in the distribution settings:
  • If we select a Price Class other than Use All Edge Locations, users may experience higher latency.
  • Enable standard logging to store a log of every viewer request sent to the CloudFront distribution in the S3 bucket.
If we want to use a custom domain name to serve our content, we can make use of the CNAMEs field.
Finally, click on Create Distribution and we can see that our distribution is ready.
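The settings chosen above can be checked against the distribution's `DistributionConfig` document, as returned by `aws cloudfront get-distribution-config`. The following is an added example, not part of the original article: the sample configuration is constructed, and the identity ID, origin ID and log bucket name in it are placeholders.

```python
import copy

# Constructed sample shaped like a CloudFront DistributionConfig document.
# The identity ID, origin ID and log bucket name are placeholders.
SAMPLE_CONFIG = {
    "Origins": {"Quantity": 1, "Items": [{
        "Id": "S3-cloudfront.demo-bucket",
        "DomainName": "cloudfront.demo-bucket.s3.amazonaws.com",
        "S3OriginConfig": {
            "OriginAccessIdentity": "origin-access-identity/cloudfront/EXAMPLEOAIID",
        },
    }]},
    "DefaultCacheBehavior": {"ViewerProtocolPolicy": "redirect-to-https"},
    "CacheBehaviors": {"Quantity": 0},
    "Logging": {"Enabled": True, "Prefix": "demo_logs",
                "Bucket": "example-log-bucket.s3.amazonaws.com"},
}

def audit_distribution(cfg):
    """Return findings where the config departs from the settings chosen here."""
    findings = []
    for origin in cfg.get("Origins", {}).get("Items") or []:
        s3 = origin.get("S3OriginConfig")
        if s3 is not None and not s3.get("OriginAccessIdentity"):
            findings.append(f"origin {origin.get('Id')}: bucket access not restricted")
    behaviors = [cfg.get("DefaultCacheBehavior", {})]
    behaviors += cfg.get("CacheBehaviors", {}).get("Items") or []
    for behavior in behaviors:
        policy = behavior.get("ViewerProtocolPolicy")
        if policy not in ("redirect-to-https", "https-only"):
            path = behavior.get("PathPattern", "default")
            findings.append(f"behavior {path}: viewer policy {policy!r} allows HTTP")
    logging_cfg = cfg.get("Logging", {})
    if not logging_cfg.get("Enabled"):
        findings.append("standard logging is disabled")
    elif not logging_cfg.get("Bucket"):
        findings.append("logging is enabled but no bucket is set")
    return findings

def weakened(cfg):
    """Copy of cfg with the three settings reverted, to show the findings."""
    bad = copy.deepcopy(cfg)
    bad["Origins"]["Items"][0]["S3OriginConfig"]["OriginAccessIdentity"] = ""
    bad["DefaultCacheBehavior"]["ViewerProtocolPolicy"] = "allow-all"
    bad["Logging"]["Enabled"] = False
    return bad

if __name__ == "__main__":
    print(audit_distribution(SAMPLE_CONFIG) or "no findings")
    print("\n".join(audit_distribution(weakened(SAMPLE_CONFIG))))
```
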
Once it is deployed and running, we can configure many other settings.
We can also restrict users from specific countries from accessing our content.
We can also create Invalidations: if we have content that we want to purge from the cache, we can specify the paths and object names to invalidate.
AWS also supports wildcard invalidations, and the objects will be invalidated in a mere 5-6 seconds.
Invalidating objects removes them from CloudFront edge caches.
Now just pick the CloudFront domain, and we can see that our S3 content is being served from CloudFront and not from S3 directly. The URL is also secure: even if I enter HTTP, it changes to HTTPS as per the settings defined.
The subsequent requests for this resource/object will now be served from CloudFront, as the object is already stored in the edge location due to my previous request.
Also, if we check the access logs, we can see that a folder named demo_logs (the log prefix) was created in the other bucket as soon as I accessed the image using the CloudFront domain.


So in this article, we have seen how to create different S3 buckets that serve different purposes in a CloudFront distribution, and how to set up Amazon CloudFront to create a secure and highly available CDN.
I hope you find this article helpful. Stay tuned for more … Cheers!!