By the end of this hands-on exercise, you should be able to do the following:
Recap: Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, and high transfer speeds, all within a developer-friendly environment.
In this task, you will store the file that you wish to distribute using Amazon CloudFront in a publicly accessible location. You will store the image file in a publicly accessible Amazon S3 bucket.
1. At the top of the page, search for and choose S3 in the search bar
2. Choose Create bucket and then configure:
3. Bucket name: Choose a unique bucket name. Enter cfxxxx (Replace xxxx with a random number. For example, if the random number is 1379, then the bucket name is cf1379. Make sure to remember this bucket name - you'll need it again in the next task!
4. AWS Regions: You will launch your S3 bucket at US-East (N.Virginia) us-east-1 (it depends on what you prefer to launch your S3 bucket)
5. For Object Ownership, select ACLs enabled* and then select Object writer
In this exercise, you will enable S3 ACLs for fine-grained control of your individual objects. However, it's generally advised to avoid using ACLs for broader permissions management because it can become complex and lead to users using the wrong access settings, making the system vulnerable. Bucket policies or IAM policies offers a more efficient, secure approach - we'll use ACLs for a straightforward method.
6. Scroll to the bottom of the screen, then choose Create bucket
7. Click into the S3 bucket you created.
8. Choose the Permissions tab
9. In the Block public access section, choose Edit
10. Deselect the Block all public access option*, and then leave all other options deselected.
Deselecting the "Block all public access" option in Amazon S3 allows buckets or objects within them to be accessible to the public. This setting is necessary if you need to provide broad, unauthenticated access (i.e. to anyone on the internet) for content on a website hosted in S3. Make sure only intended data is exposed and proper security measures are still enforced and accessible to authorised individuals or services.
11. Choose Save changes
12. Type confirm in the field to reassure AWS you want to do this, and then choose Confirm.
13. Choose Objects tab.
14. From the Objects tab, choose Upload.
15. Choose Add files.
16. Select an image that you would like to upload. Please upload images that end with .jpg, .jpeg or .png.
17. Scroll to the bottom of the screen, then choose Upload.
18. In the Files and folders section, select the file that you've uploaded.
19. Go to the Permissions tab, and then under the Access control list (ACL)*, choose Edit.
💡 *Editing the ACL means changing whether users or the public can view/download the object you've just stored in S3. This is useful for sharing content with others without requiring them to have AWS credentials. However, it's crucial to manage these permissions carefully to avoid unauthorised data access.
20. Under Everyone (public access):
21. Select Read for both Objects and Object ACL.
22. A yellow warning pops up, you might need to scroll to the bottom to see it. The warning tells you that everyone in the world can access this project if we select Read - exciting! Select the checkbox I understand the effects of these changes on this object.
23. Click Save changes.
24. In the Properties tab (you should be here automatically after the previous step), copy the value of Key and paste it in a text file on your laptop. You'll be using this ins a second.
25. Copy the value of Object URL and paste it into a new browser tab, then press Enter/return on your keyboard.
Using the S3 object's URL is not recommended for content distribution due to a lack of security and efficiency.
In this task, you will create an Amazon CloudFront web distribution that distributes the file stored in the publicly accessible Amazon S3 bucket.
5. On the Web Application Firewall (WAF) section, choose Do not enable security protections for now as this may incur a charge and we don't need to setup on this hands-on exercise.
6. Scroll to the bottom of the page, then choose Create Distribution.
7. The Last modified section shows Deploying. Once it's ready, it updates to a date and time value. It can take up to 10 minutes to be ready. Feel free to continue to the next step while you wait!
CloudFront knows where your Amazon S3 origin server is, and you know the domain name associated with the distribution. Create a link to your Amazon S3 bucket content with the distribution domain name. This will enable CloudFront to serve your content.
*An origin server is the S3 bucket where your web file is living in.
**In CloudFront, distribution refers to the setup configured to describe how content is delivered from AWS to the end user.
5. Save the text file to your computer as myimage.html.
6. Open the web page you just created in a browser to ensure that you can see your content. (This can be done by double-clicking the file or right-clicking the file and choosing Open with, and selecting any browser).
Don't see anything?
You can clean up your resources by deleting the Amazon CloudFront distribution and the Amazon S3 bucket.
4. The value of the State column immediately changes to Disabled.
5. Wait until the value of the Status column changes to Disabled. and Last modified column is updated with the last modified date and time.
6. Select the check box for your CloudFront distribution.
7. Choose Delete then:
8. Choose to Delete
9. Select your bucket again.
10. Choose Delete then:
11. Enter the name of your bucket.
12. Choose Delete bucket
You have now released the resources used by your CloudFront distribution and Amazon S3 bucket.
Congratulations! You now have successfully: