
Amazon AWS - Cloudfront configuration

Amazon Cloudfront Dynamic Content Delivery

HTTP GET and HEAD requests are currently supported by Amazon CloudFront. Over time, we will add support for POST requests.

Our sample setup

You can convert your existing blog or set up a new blog from scratch to use CloudFront. For demonstration purposes, I'm going to set up a new blog called www.contentdeliverynetworklog.com and serve the whole blog via CloudFront as follows:
  1. Blog domain name: www.contentdeliverynetworklog.com (CNAME to CloudFront)
  2. Blog origin domain name: cp.contentdeliverynetworklog.com. CloudFront fetches web content from this origin web server.
  3. Static asset domain name: s0.contentdeliverynetworklog.net (CNAME to CloudFront).
  4. Static asset origin domain name: origin.contentdeliverynetworklog.net.
  5. Custom origin IP address for both static/dynamic assets: 75.126.153.203
  6. Caching ruleset for your dynamic and static assets: I am going to use a combination of Batcache+Memcached. However, you can use other plugins such as "W3 Total Cache" (not tested).
  7. DNS server: Route 53 (or use your existing BIND 9 based DNS servers).

Step #1: DNS setup for cp.contentdeliverynetworklog.com

First, point your custom origin domain cp.contentdeliverynetworklog.com to 75.126.153.203. A typical BIND 9 entry will look as follows in your zone file:
cp                     600      IN A     75.126.153.203

Step #2: Create a bucket

You may want CloudFront to log all viewer requests for files in your distribution. This is useful for stats programs such as webalizer and awstats. To store the web server logs, you need to create a bucket by selecting a bucket name and region. Log in to the AWS console > open the Amazon S3 console at https://console.aws.amazon.com/s3 > click Create Bucket:
Fig.02: Create a bucket for access log
Please note that access logging is an optional feature of CloudFront. There is no extra charge for enabling access logging. However, you accrue the usual Amazon S3 charges for storing and accessing the files on Amazon S3. Please see this guide for more information on log file formats.

Step #3: Configure AWS Cloudfront Dynamic CDN for www.contentdeliverynetworklog.com

Now, let us see how to configure and use CloudFront to distribute dynamic and static content. I am going to create a CloudFront distribution and configure it to fetch web content from my origin web server called cp.contentdeliverynetworklog.com. First, open the Amazon CloudFront console at https://console.aws.amazon.com/cloudfront > click Create Distribution > set the delivery method to Download > Continue.

Origin settings

  1. Set Origin Domain Name to cp.contentdeliverynetworklog.com
  2. Set Origin ID to CustomWWW-cp.contentdeliverynetworklog.com
  3. Set Origin Protocol Policy to HTTP Only (CloudFront will connect to my origin using only HTTP).
Fig.03: Origin settings

Default cache behavior settings

  1. Set Viewer Protocol Policy to HTTP and HTTPS.
  2. Set Object Caching to Use Origin Cache Headers. My origin server adds a Cache-Control header to control how long objects stay in the CloudFront cache. However, you can specify a minimum time that objects stay in the CloudFront cache regardless of Cache-Control headers by selecting the Customize option and setting Minimum TTL in seconds (default is 24 hours).
  3. Set Forward Query Strings to Yes.
Fig.04: Configure default cache behavior settings

Distribution settings

The distribution settings affect both CDN performance and pricing. You need to select the price class associated with the maximum price that you want to pay for the CloudFront service.
  1. Set Price Class to Use All Edge Locations.
  2. Set Alternate Domain Names (CNAMEs) to www.contentdeliverynetworklog.com. I want to use my own domain name instead of the CloudFront domain name for the blog URLs. You need to create a CNAME record with your DNS server to route queries for www.contentdeliverynetworklog.com to *.cloudfront.net.
  3. Set Logging to On.
  4. Set Bucket for Logs to webserverlog-contentdeliverynetworklog.s3.amazonaws.com (see step #2 create a bucket for more info).
  5. Set Log Prefix to stats-logs/.
  6. Finally, set Distribution State to Enabled.
Fig.05: Distribution edge settings

Finally, click on the Create Distribution button. You will see the status as follows:
Fig.06: Cloudfront distribution setup in progress

Please note down the domain name d3qrb8why8gyke.cloudfront.net.
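The Step #3 choices can be reviewed after the fact from the distribution's configuration. The following is an added example, not part of the original post: it checks a DistributionConfig document of the shape `aws cloudfront get-distribution-config` returns and reports the settings above that affect transport security, caching and logging. The sample JSON is constructed from the values in this post, and the function name `audit_distribution` is hypothetical.

```python
import json

# Constructed sample: the Step #3 choices in DistributionConfig form,
# trimmed to the fields the audit reads.
SAMPLE_CONFIG = json.loads("""
{
  "Aliases": {"Quantity": 1, "Items": ["www.contentdeliverynetworklog.com"]},
  "Origins": {"Quantity": 1, "Items": [{
    "Id": "CustomWWW-cp.contentdeliverynetworklog.com",
    "DomainName": "cp.contentdeliverynetworklog.com",
    "CustomOriginConfig": {"OriginProtocolPolicy": "http-only"}
  }]},
  "DefaultCacheBehavior": {
    "ViewerProtocolPolicy": "allow-all",
    "ForwardedValues": {"QueryString": true}
  },
  "Logging": {"Enabled": true, "Prefix": "stats-logs/",
              "Bucket": "webserverlog-contentdeliverynetworklog.s3.amazonaws.com"}
}
""")


def audit_distribution(cfg):
    """Return a list of (severity, message) findings for a DistributionConfig dict."""
    findings = []
    for origin in cfg.get("Origins", {}).get("Items", []):
        custom = origin.get("CustomOriginConfig")
        if custom and custom.get("OriginProtocolPolicy") != "https-only":
            findings.append(("warn", f"origin {origin['DomainName']}: policy "
                             f"{custom.get('OriginProtocolPolicy')} does not "
                             "force HTTPS between CloudFront and the origin"))
    behavior = cfg.get("DefaultCacheBehavior", {})
    if behavior.get("ViewerProtocolPolicy") == "allow-all":
        findings.append(("warn", "viewers may use plain HTTP (allow-all)"))
    if behavior.get("ForwardedValues", {}).get("QueryString"):
        findings.append(("info", "query strings are forwarded and become "
                         "part of the cache key"))
    if not cfg.get("Logging", {}).get("Enabled"):
        findings.append(("warn", "access logging is off"))
    return findings


if __name__ == "__main__":
    for severity, message in audit_distribution(SAMPLE_CONFIG):
        print(f"[{severity}] {message}")
```

With the values from this post the audit reports the HTTP Only origin policy, the HTTP and HTTPS viewer policy and the forwarded query strings; logging is on, so it raises nothing there.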

Step #4: DNS CNAME setup for www.contentdeliverynetworklog.com

You need to create a CNAME record with your DNS server to route queries for www.contentdeliverynetworklog.com to d3qrb8why8gyke.cloudfront.net. A typical BIND 9 CNAME entry will look as follows in your zone file (the trailing dot on the target keeps BIND from appending the zone's origin to it):
www                    600      IN CNAME d3qrb8why8gyke.cloudfront.net.

 

