AWS CloudFront Lab

Posted on Edited on In , , , Symbols count in article: 7.9k Reading time ≈ 7 mins.

CloudFront

Introduction to Amazon CloudFront

https://play.whizlabs.com/site/task_details?lab_type=1&task_id=9&quest_id=35

Lab Details

  1. This lab walks you through to Amazon CloudFront creation and working. In this lab you will create an Amazon CloudFront distribution. It will distribute a publicly accessible image file stored in an Amazon S3 bucket.
  2. Understand Custom Error Pages and Geo-Restriction.

Task Details

  1. Log into AWS Management Console.
  2. Create a S3 Bucket and upload an image to the sample S3 bucket provided.
  3. Create Custom Error pages.
  4. Make the image Publicly accessible.
  5. Create a new Amazon CloudFront distribution.
  6. Link the CloudFront distribution to serve the image in S3 bucket.
  7. Test the distribution.
  8. Update Distribution with Custom Error Pages and test.
  9. Create a Geo-Restriction.
  10. Test Geo-Restriction.

Architecture Diagram

S3 Configuration

Service -> S3

Create an S3 Bucket

On the S3 dashboard, click on Create bucket and fill in the bucket details.

  • Bucket name: yourBucketName
    • Note: S3 bucket names are globally unique, choose a name which is available.
  • Region: Select US East (N. Virginia)
  • Leave other settings as default.

Click Next then Next and go to the permissions and Uncheck the Block all Public Access and acknowledge the change.

Click on Next and Create bucket

Upload an object

Now upload an Object (.txt or .png). to your source bucket (the first one that located in N.Virginia)

Upload any file from your local machine.
On the S3 Buck list page, Click on youBucketName
Click on Overview tab.
Click on the Upload button.

Click on the Add files button.

Browse for the file you want to upload.

Click on Upload button.
You can watch the progress of the upload from within the transfer panel at the bottom of the screen. If it’s a small file, you might not see the transfer. Once your file has been uploaded, it will be displayed in the bucket.

Click on the file just uploaded.

Click on the Object URL.
Notice the URL.

Creating Custom Error Pages

We can create custom error pages for CloudFront to return when origin returns HTTP 4xx or 5xx errors. For this, we have to save the error pages in a location that is accessible to CloudFront.

We will be using the same S3 bucket to create the error pages.
To configure a custom error page, select your S3 bucket

Click on Create folder and create a folder by name CustomErrors
Click on Save

Creating error.html

  • Create an error.html file in your local machine and using terminal.
  • This custom HTML page will be used for showing errors in CloudFront.
  • Sample error.html content:
error.html
1
<html><h1>This is Error Page</h1></html>

Copy the below command and paste on your terminal, and press Enter

Shell
1
2
cd ~/Desktop
echo "<html><h1>This is Error Page</h1></html>" > error.html

See the error.html

Shell
1
cat error.html

Creating block.html

  • Create a block.html file in your local machine and using terminal.
  • This custom HTML page will be used for showing geo-restrictions of your content in CloudFront.
  • Sample block.html content:
block.html
1
<html><h1>This content is blocked in your location</h1></html>

Copy the below command and paste on your terminal, and press Enter

Shell
1
2
cd ~/Desktop
echo "<html><h1>This content is blocked in your location</h1></html>" > block.html

See the block.html

Shell
1
cat block.html

Upload the two files to your CustomErrors folder.

Click on new CustomErrors folder.

Click on Upload

Click on Add files
Go to your Desktop and select error.html and block.html

Click on Upload

Making the objects public

Click on the file that you uploaded to the root directory of the bucket. You can see the image details like Owner, size, link, etc.

Open the file Link in a new tab.
A sample URL: https://s3-cloudfront-2020.s3.amazonaws.com/tmp.txt

You will see the AccessDenied message, meaning the object is not publicly accessible.

Go back to the Bucket and click the Permissions tab.

Navigate to the Bucket Policy. Copy and paste the below policy and save the policy.
Note: Change the name of the bucket with your bucket name in the Resource marked in highlight.

S3 Public Access Bucket Policy
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:ListBucket"
      ],
      "Principal": {
        "AWS": "*"
      },
      "Resource": "arn:aws:s3:::yourBucketName"
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "s3:PutObject"
      ],
      "Principal": {
        "AWS": "*"
      },
      "Resource": "arn:aws:s3:::yourBucketName/*"
    }
  ]
}

Click on Save

Open the file URL again or refresh the one already open.

If you can see your uploaded image in the browser, it means your image is publicly accessible. If not, check your bucket policy again.

CloudFront Configuration

Service -> CloudFront

Creating CloudFront Distribution

Click on Create Distribution.

Select Get Started from the delivery method Web.

Now configure distribution as follows-:

  • Origin Domain Name: Select your S3 bucket

No need to change anything in configuration, scroll down and click on the Create Distribution.

You can see the Status column shows In Progress for your distribution. After Amazon CloudFront has created your distribution, the Status for your distribution will change to Deployed. At this point, it will be ready to process requests.

  • Note: This process will take around 15-20 minutes.

The domain name that Amazon CloudFront assigns to your distribution appears in the list of distributions. It will look similar to d1hmlwhed8zk6q.cloudfront.net

Click on your ID

Copy the Domain Name and paste to another tab on your browser, add /yourFilename to the end of URL.

Our CloudFront distribution works well.
Go through the next steps.

Configuring Custom Error Page

Navigate back to CloudFront Dashboard and select the distribution created and click on Distribute Settings.

On the settings page, select Error Pages tab.

Click on the Create Custom Error Response.

Now we need to set up our custom error page:

  • Http Error Code: Select 404: Not Found
  • Customize Error Response: Yes
  • Response Page Path: /CustomErrors/error.html
  • HTTP Response Code: Select 404: Not Found

Click on Create.

Navigate back to Distributions and wait for your distribution to complete state to change Deploy.

  • Note: This process will take around 15 minutes.
  • Once the state has been changed to Deployed, we will test the error page.

Enter the URL of an file which does not exist in your S3 bucket with CloudFront domain name

  • e.g, http://d2eaxmqphq95b6.cloudfront.net/tmp.txt

Before Deployed

After Deployed, refresh the page.

If you can see your HTML error page in the browser, it means you successfully set up your custom error page.

Restricting the Geographic Distribution of Your Content

If you need to prevent users in selected countries from accessing your content, you can specify either a whitelist (countries where they can access your content) or a blacklist (countries where they cannot) by using restrictions.

On the distribution settings page, select Restrictions and select Geo Restriction tab, then click on Edit.

Enable Geo-Restriction : Select Yes

Restriction Type : Blacklist

Select the country where you are currently and click on Add to check this option.

On enabling this option, the request from the specified country which is “Blacklisted”, will not be displayed and a default error message is displayed.

Click on Yes, Edit.

Go to the distribution list and wait for your distribution to complete the state change to Deployed.

Once the state has been changed to Deployed, we will test the restriction through CloudFront in the browser.

  • e,g, http://d2eaxmqphq95b6.cloudfront.net/tmp.txt

Before Deployed

You can see the following error message:

  • 403: Error The Amazon CloudFront distribution is configured to block access from your country.

Let us configure custom error page:

Navigate back to CloudFront Dashboard and select the distribution created and click on Distribution Settings.

On the settings page, select Error Pages tab.

Click on the Create Error Response.

Now we need to set up our custom error page:

Http Error Code: Select 403: Forbidden

Customize Error Response : Yes

Response Page Path: /CustomErrors/block.html

HTTP Response Code: Select 403: Forbidden

Click on Create.

Navigate back to Distributions and wait for your distribution to complete state to change Deployed.

  • Note: This process will take around 15 minutes.

Once the state has been changed to Deployed, we will test restriction through CloudFront in the browser.

    • e,g, http://d2eaxmqphq95b6.cloudfront.net/tmp.txt

If you see the error, this means you successfully configured custom error page and restricted file access from your country.

Before Deployed

After Deployed, refresh the page

Completion and Conclusion

  1. You have successfully created an Amazon CloudFront distribution and published an image through CloudFront.
  2. You learned how to configure Custom Error Pages for CloudFront Distribution.
  3. You learned how to configure restrictions based on Geo-location.