
Step 2: Create Amazon CloudFront Distribution

In this step you will create an Amazon CloudFront distribution with the Amazon S3 bucket you created in Step 1 as its origin. You will also restrict access to the bucket by using an Origin Access Identity (OAI), so that the bucket contents can be read only through CloudFront.

Create Distribution

  1. Log into your AWS account and navigate to the Amazon CloudFront Management Console.
  2. Choose Create Distribution.
  3. Under Web, choose Get Started.
  4. For Origin Domain Name choose your Amazon S3 Bucket from Step 1.
  5. For Restrict Bucket Access choose Yes.
  6. For Origin Access Identity choose Create a New Identity.
  7. For Grant Read Permissions on Bucket choose Yes, Update Bucket Policy. This automatically adds an Amazon S3 bucket policy to your bucket allowing only this CloudFront distribution (through its OAI) to read from the bucket.
  8. Leave everything else as default and choose Create Distribution.
  9. In the distribution details screen, note the Distribution Status. Wait for the status to change from In Progress to Deployed. It can take upward of 5 minutes for the process to complete.
  10. Under Domain Name copy the FQDN, similar to dxxxxxxxxxz.cloudfront.net.
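The bucket policy that step 7 writes is the security boundary of this setup, so it is worth checking that it is exactly an OAI-only read grant and that nothing else (a public statement, a broader action) has been added to it. The following is an added example, not part of the original tutorial or of any AWS tooling: a small audit over a bucket policy document. The sample policies, the bucket name `my-private-bucket` and the OAI id `EXAMPLEOAIID` are constructed placeholders.

```python
"""Audit an S3 bucket policy for the OAI-only read grant that the
"Yes, Update Bucket Policy" option is supposed to leave behind: Allow
statements whose principal is an OAI, whose action is s3:GetObject only,
and whose resource is the objects of this bucket only."""
import json

# Substring present in every OAI principal ARN.
OAI_ARN_MARKER = ":cloudfront:user/CloudFront Origin Access Identity "

# Constructed sample in the shape CloudFront writes for an OAI grant;
# bucket name and OAI id are placeholders, not values from a real account.
SAMPLE_OAI_POLICY = json.dumps({
    "Version": "2008-10-17",
    "Id": "PolicyForCloudFrontPrivateContent",
    "Statement": [{
        "Sid": "1",
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity EXAMPLEOAIID"},
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::my-private-bucket/*",
    }],
})

# Constructed counter-example: a public-read policy that would defeat the OAI.
SAMPLE_PUBLIC_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": "*",
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": ["arn:aws:s3:::my-private-bucket", "arn:aws:s3:::my-private-bucket/*"],
    }],
})


def _as_list(value):
    """IAM allows a string or a list in most fields; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _principals(principal):
    """Flatten the Principal element into a list of identities ('*' for everyone)."""
    if principal == "*":
        return ["*"]
    if isinstance(principal, dict):
        return [p for key in ("AWS", "CanonicalUser", "Service", "Federated")
                for p in _as_list(principal.get(key, []))]
    return []


def audit_bucket_policy(policy_json, bucket):
    """Return a list of findings; an empty list means OAI-only read access."""
    findings = []
    policy = json.loads(policy_json)
    object_arn = f"arn:aws:s3:::{bucket}/*"
    for i, st in enumerate(policy.get("Statement", [])):
        label = st.get("Sid") or f"#{i}"
        if st.get("Effect") != "Allow":
            continue  # Deny statements only narrow access; they are not findings
        for p in _principals(st.get("Principal")):
            if p == "*":
                findings.append(f"{label}: grants access to everyone (public)")
            elif OAI_ARN_MARKER not in p:
                findings.append(f"{label}: principal is not an OAI: {p}")
        for action in _as_list(st.get("Action", [])):
            if action.lower() != "s3:getobject":
                findings.append(f"{label}: action broader than s3:GetObject: {action}")
        for res in _as_list(st.get("Resource", [])):
            if res != object_arn:
                findings.append(f"{label}: resource outside {object_arn}: {res}")
    return findings


if __name__ == "__main__":
    for name, doc in (("oai", SAMPLE_OAI_POLICY), ("public", SAMPLE_PUBLIC_POLICY)):
        print(name, audit_bucket_policy(doc, "my-private-bucket") or "OK: OAI-only read")
```

To run this against a real bucket, feed it the output of `aws s3api get-bucket-policy --bucket <name> --query Policy --output text`; the audit is deliberately strict, so a bucket that also serves other legitimate principals will produce findings you then review by hand.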

Test Public Distribution

You now want to verify that the distribution is set up correctly and can reach the Amazon S3 contents.

Use your browser and enter the URL https://dxxxxxxxxxz.cloudfront.net/sample.html. Remember to replace the domain name with your FQDN. Your sample webpage should come up correctly. However, anyone with your URL can access your Amazon S3 contents.

Secure Distribution

Next you want to secure the Amazon CloudFront distribution to restrict public access.

  1. Choose the Distribution ID to open the detail view.
  2. Choose the Behaviors tab.
  3. Select the default Origin or Origin Group and choose Edit.
  4. Under Restrict Viewer Access (Use Signed URLs or Signed Cookies) choose Yes to expand the Trusted Key Groups or Trusted Signer option.
  5. Under Trusted Key Groups or Trusted Signer, select Trusted Signer. (Note: you will change this to Trusted Key Groups in a later section.)
  6. Under Trusted Signers select Self.
  7. Choose Yes, Edit to save the changes.

Test Secured Distribution

Now you want to test to verify that the distribution is restricted. Refresh the webpage and you should see the error message:

Missing Key-Pair-Id query parameter or cookie value
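The browser refresh above checks one path. The state you actually want is two-sided: an unsigned request through CloudFront is refused with the message above, and a request straight to the bucket (bypassing CloudFront) is refused as well, because the OAI policy is the only read grant. The following is an added example, not part of the original tutorial, that performs both checks over HTTPS without credentials and reports the posture; the domain `dxxxxxxxxxz.cloudfront.net`, bucket `my-private-bucket` and the sample XML error bodies are constructed placeholders.

```python
"""Verify that private S3 content is reachable only through a CloudFront
distribution that demands a signed URL or cookie."""
import re
import urllib.error
import urllib.request

# The message an unsigned request to a restricted distribution returns.
MISSING_KEY_MESSAGE = "Missing Key-Pair-Id query parameter or cookie value"

# Constructed sample bodies in the XML error shape CloudFront and S3 use
# (not captured from a real distribution).
SAMPLE_MISSING_KEY_BODY = (
    '<?xml version="1.0" encoding="UTF-8"?><Error><Code>MissingKey</Code>'
    f"<Message>{MISSING_KEY_MESSAGE}</Message></Error>"
)
SAMPLE_S3_DENIED_BODY = (
    '<?xml version="1.0" encoding="UTF-8"?><Error><Code>AccessDenied</Code>'
    "<Message>Access Denied</Message></Error>"
)


def error_code(body):
    """Pull the <Code> element out of an AWS XML error body, if present."""
    m = re.search(r"<Code>([^<]+)</Code>", body)
    return m.group(1) if m else None


def classify(status, body):
    """Map an HTTP response to the access posture it demonstrates."""
    if status == 200:
        return "public"               # anyone with the URL can read the object
    if status == 403 and MISSING_KEY_MESSAGE in body:
        return "signed-url-required"  # Restrict Viewer Access is in effect
    if status == 403 and error_code(body) == "AccessDenied":
        return "denied"               # object is not readable on this path
    return f"unexpected-{status}-{error_code(body)}"


def fetch(url, timeout=10):
    """Anonymous GET; return (status, body) for both success and HTTP errors."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("utf-8", "replace")


def check_posture(cf_domain, bucket, key, fetcher=fetch):
    """Check the object via CloudFront and directly via S3; 'secured' is True
    only when CloudFront demands a signature and the bucket refuses direct reads."""
    via_cf = classify(*fetcher(f"https://{cf_domain}/{key}"))
    direct = classify(*fetcher(f"https://{bucket}.s3.amazonaws.com/{key}"))
    return {
        "cloudfront": via_cf,
        "s3_direct": direct,
        "secured": via_cf == "signed-url-required" and direct == "denied",
    }


if __name__ == "__main__":
    # Placeholders: substitute your own distribution FQDN and bucket name.
    print(check_posture("dxxxxxxxxxz.cloudfront.net", "my-private-bucket", "sample.html"))
```

Run it once before the "Secure Distribution" steps and once after: the first run should report `public` for the CloudFront path and `denied` for the direct path (the OAI policy from step 7 already blocks the bucket), and the second run should report `secured: True`. A `public` result on the direct path means the bucket policy or an ACL grants more than the OAI read.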

In this step you created an Amazon CloudFront distribution to distribute your Amazon S3 private contents. You then secured the distribution by using the Restrict Viewer Access option.

In Step 3, you will create the CloudFront Key Groups.