Mayuresh
Mayuresh Full stack developer working on Ruby on Rails and React

Accessing Objects from a Private S3 Bucket through CloudFront

Accessing Objects from a Private S3 Bucket through CloudFront

In this blog, we will walk you through the process of accessing objects from a private S3 bucket through CloudFront. This will enable you to securely and efficiently deliver content to your users.

Step 1: Create a CloudFront Distribution

  1. Navigate to the CloudFront service page in your AWS Management Console.
  2. Click on “Create Distribution” to begin creating a new CloudFront distribution.
  3. In the distribution settings, choose the S3 bucket as the origin domain for the content you want to access via CloudFront.
  4. Assign a suitable name for the origin.
  5. Pay attention to the “Default Cache Behavior Settings” section. Ensure that the CORS (Cross-Origin Resource Sharing) headers are correctly set to allow access from CloudFront to your S3 bucket. This prevents CORS errors.
  6. Optionally, you can configure Web Application Firewall (WAF) rules for additional security.
  7. Once all settings are configured, create the CloudFront distribution.

Step 2: Update S3 Bucket Policy

To allow CloudFront access to your private S3 bucket, update the bucket policy as follows:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
{
    "Version": "2008-10-17",
    "Id": "PolicyForCloudFrontPrivateContent",
    "Statement": [
        {
            "Sid": "AllowCloudFrontServicePrincipal",
            "Effect": "Allow",
            "Principal": {
                "Service": "cloudfront.amazonaws.com"
            },
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::YOUR_BUCKET_NAME/*",
            "Condition": {
                "StringEquals": {
                    "AWS:SourceArn": "ARN_OF_CLOUDFRONT_DISTRIBUTION"
                }
            }
        }
    ]
}

Replace “YOUR_BUCKET_NAME” with the name of your S3 bucket and “ARN_OF_CLOUDFRONT_DISTRIBUTION” with the ARN of your CloudFront distribution.

Step 3: Access Objects via CloudFront

After the CloudFront distribution is deployed and the S3 bucket policy is updated, you can access the objects using the CloudFront domain name.

CloudFront provides a Distribution Domain Name that you can use to access the objects in your S3 bucket. This domain name is automatically generated for each CloudFront distribution you create.

Simply use the CloudFront domain name followed by the path to the desired object to access it through CloudFront.

Conclusion

By following the steps outlined above, you can securely access objects from a private S3 bucket through CloudFront. This enables efficient content delivery and improved performance for your users.

comments powered by Disqus