Using CloudFront with AWS S3

Build on your understanding of AWS CloudFront in this practical.

We'll cover the following

Introduction

There are two ways of using S3 buckets as an origin for CloudFront:

  • Use S3 as an HTTP origin by enabling a static website.
  • Use an S3 bucket as an origin and only allow access to the bucket via CloudFront (by using OACs).

In this exercise, we’ll create a private S3 bucket, upload some files, and access them using a CloudFront distribution.

Note: We can’t use OAC when S3 is used as an HTTP origin.

Practical

In the widget below, we’ll take the following steps to demonstrate how to use CloudFront with private S3 buckets.

  • Create a private S3 bucket.
  • Create an OAC.
  • Create a CloudFront distribution.
  • Change the S3 bucket permissions to allow access to the bucket from the OAC.
  • Access the objects uploaded to S3 using the CloudFront endpoint.

Note: Even though the S3 bucket is private, we can access its contents using CloudFront. This is because we allow CloudFront OAC to access all objects in the bucket using the bucket policy.

Get hands-on with 1400+ tech skills courses.