LAB - Creating a CloudFront Distribution with Regional S3 Origins

PreviousLab: Creating a Multi-Region Network with VPC Peering Using SGs, IGW, and RTs NextLab: Creating and Configuring a Network Load Balancer in AWS

Last updated 4 months ago

Was this helpful?

LAB - Creating a CloudFront Distribution with Regional S3 Origins

Introduction

In this lab, we will be setting up a S3 bucket to serve as an origin for our CloudFront distribution by creating a S3 bucket, making it public, and creating a CloudFront distribution to help keep your site safer.

Solution

Log in to the AWS Management Console using the credentials provided on the lab instructions page. Make sure you're using the us-east-1 Region.
Optionally, download this to use as a file to be uploaded for this lab.

Create an S3 Bucket with Content

In the AWS Management Console, select S3.
Click the Create bucket button.
Under Bucket name, enter a name for your bucket, such as proxy followed by random digits.
Click the checkbox to remove the check next to Block all public access, which unblocks public access.
Click the checkbox next to I acknowledge that the current settings might result in this bucket and the objects within becoming public.
Click the Create bucket button.
Once the bucket is successfully created, click the link to the bucket in the Buckets section.
Click the Upload button.
Click the Add Files button.
Choose a file to be uploaded into the S3 bucket, such as the JPEG image from above.

Note For the CloudFront distribution in later steps, there can't be any spaces in your object's filename. Only alphanumeric characters, (abc123) and dashes ( - ) or underscores ( _ ).

Click the Upload button.

Add a Bucket Policy and Add a Tag on JPEG

Once the file has been successfully uploaded, click the link to the file in the Files and folders section.
Click the Object actions button in the top right.
From the dropdown menu, select Edit tags.
Click the Add tag button.
Under Key, enter public.
Under Value - optional, enter yes.
Click the Save changes button.
Click the link to the bucket in the Summary section.
Click the Permissions tab.
To the right of Bucket policy, click the Edit button.

Under Policy, paste the following policy:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::DOC-EXAMPLE-BUCKET/*",
      "Condition": {
        "StringEquals": {
          "s3:ExistingObjectTag/public": "yes"
        }
      }
    }
  ]
}

In the policy, replace DOC-EXAMPLE-BUCKET with the name of your bucket.
Click the Save changes button. You should see that your bucket is now labeled as Publicly accessible.

Create a CloudFront Distribution

Click on the Objects tab.
Click the link for the object in your S3 bucket.
Copy the name of your object.
In the search bar on top of the console, enter cloudfront.
From the search results, select CloudFront.
Click the Create a CloudFront distribution button.
Under Origin domain, select your bucket listed under Amazon S3.
Under Web Application Firewall (WAF) select Do not enable security protections.
Scroll down to the bottom of the page and under Default root object - optional, paste or enter the name of your object.
Click the Create distribution button. This process can take up to 5-10 minutes to complete successfully.

Navigate to the Distribution

Once the distribution has successfully launched, copy the distribution name under Distribution domain name.
Open a new browser window or tab.
Paste the distribution name in the address bar. You should see the file that you uploaded to your S3 bucket as an object.

PreviousLab: Creating a Multi-Region Network with VPC Peering Using SGs, IGW, and RTs NextLab: Creating and Configuring a Network Load Balancer in AWS

Last updated 4 months ago

Was this helpful?

Introduction

Solution

Log in to the AWS Management Console using the credentials provided on the lab instructions page. Make sure you're using the us-east-1 Region.
Optionally, download this to use as a file to be uploaded for this lab.

Create an S3 Bucket with Content

In the AWS Management Console, select S3.
Click the Create bucket button.
Under Bucket name, enter a name for your bucket, such as proxy followed by random digits.
Click the checkbox to remove the check next to Block all public access, which unblocks public access.
Click the checkbox next to I acknowledge that the current settings might result in this bucket and the objects within becoming public.
Click the Create bucket button.
Once the bucket is successfully created, click the link to the bucket in the Buckets section.
Click the Upload button.
Click the Add Files button.
Choose a file to be uploaded into the S3 bucket, such as the JPEG image from above.

Note For the CloudFront distribution in later steps, there can't be any spaces in your object's filename. Only alphanumeric characters, (abc123) and dashes ( - ) or underscores ( _ ).

Click the Upload button.

Add a Bucket Policy and Add a Tag on JPEG

Once the file has been successfully uploaded, click the link to the file in the Files and folders section.
Click the Object actions button in the top right.
From the dropdown menu, select Edit tags.
Click the Add tag button.
Under Key, enter public.
Under Value - optional, enter yes.
Click the Save changes button.
Click the link to the bucket in the Summary section.
Click the Permissions tab.
To the right of Bucket policy, click the Edit button.

Under Policy, paste the following policy:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::DOC-EXAMPLE-BUCKET/*",
      "Condition": {
        "StringEquals": {
          "s3:ExistingObjectTag/public": "yes"
        }
      }
    }
  ]
}

In the policy, replace DOC-EXAMPLE-BUCKET with the name of your bucket.
Click the Save changes button. You should see that your bucket is now labeled as Publicly accessible.

Create a CloudFront Distribution

Click on the Objects tab.
Click the link for the object in your S3 bucket.
Copy the name of your object.
In the search bar on top of the console, enter cloudfront.
From the search results, select CloudFront.
Click the Create a CloudFront distribution button.
Under Origin domain, select your bucket listed under Amazon S3.
Under Web Application Firewall (WAF) select Do not enable security protections.
Scroll down to the bottom of the page and under Default root object - optional, paste or enter the name of your object.
Click the Create distribution button. This process can take up to 5-10 minutes to complete successfully.

Navigate to the Distribution

Once the distribution has successfully launched, copy the distribution name under Distribution domain name.
Open a new browser window or tab.
Paste the distribution name in the address bar. You should see the file that you uploaded to your S3 bucket as an object.