Prerequisites
Before we start, make sure that you have the following prerequisites:
- An AWS account
- AWS CLI installed on your local machine
- A domain name registered with Amazon Route 53 or another DNS service
- A S3 bucket with the static content you want to distribute via CloudFront.
Step 1: Configure AWS CLI
To start, we need to configure the AWS CLI. Open a terminal and run the following command: aws configure
You will be prompted to enter your AWS access key ID and secret access key. You will also need to specify your default region and output format. Enter your details as prompted.
Step 2: Create a CloudFront Origin Access Identity (OAI)
An Origin Access Identity (OAI) is a special CloudFront user that you create to protect your S3 bucket.
Run the following command to create a new OAI:
aws cloudfront create-cloud-front-origin-access-identity --cloud-front-origin-access-identity-config CallerReference=my-reference,Cookies={'Forward':'none'},Comment=my-comment
Replace “my-reference” and “my-comment” with your own values.
Step 3: Set Permissions for your S3 Bucket
Next, we need to set permissions for your S3 bucket so that only CloudFront can access it.
Run the following command to grant read permissions to the OAI:
aws s3api put-bucket-policy --bucket my-bucket --policy '{"Version":"2012-10-17","Id":"my-policy","Statement":[{"Sid":"1","Effect":"Allow","Principal":{"AWS":"arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity my-id"},"Action":"s3:GetObject","Resource":"arn:aws:s3:::my-bucket/*"}]}'
Replace “my-bucket” with the name of your S3 bucket, and “my-id” with the ID of the OAI you created in step 2.
Step 4: Create a CloudFront Distribution
Now, we can create a new CloudFront distribution using the following command:
aws cloudfront create-distribution --distribution-config file://my-config.json
Replace “my-config.json” with the path to a JSON file containing your CloudFront distribution configuration.
Here’s an example of what your configuration file might look like:
{
"CallerReference": "my-reference",
"Comment": "my-comment",
"DefaultCacheBehavior": {
"TargetOriginId": "my-origin",
"ForwardedValues": {
"QueryString": false,
"Cookies": {
"Forward": "none"
},
"Headers": {
"Quantity": 0
}
},
"TrustedSigners": {
"Enabled": false,
"Quantity": 0
},
"ViewerProtocolPolicy": "redirect-to-https",
"MinTTL": 0,
"AllowedMethods": {
"Quantity": 2,
"Items": [
"HEAD",
"GET"
],
"CachedMethods": {
"Quantity": 2,
"Items": [
"HEAD",
"GET"
]
}
}
},
"Origins": {
"Quantity": 1,
"Items": [
{
"Id": "my-origin",
"DomainName": "my-bucket.s3.amazonaws.com",
"S3OriginConfig": {
"OriginAccessIdentity": "origin-access-identity/cloudfront/my-id"
}
}
]
},
"PriceClass": "PriceClass_100",
"Enabled": true
}
Replace “my-reference”, “my-comment”, “my-origin”, “my-bucket”, and “my-id” with your own values.
### Step 5: Verify the CloudFront Distribution Once the distribution has been created, you can use the following command to verify its status:
aws cloudfront get-distribution --id my-distribution-id
Replace “my-distribution-id” with the ID of the CloudFront distribution you just created.
The output will include information about the distribution, including its status. Wait until the status shows as “Deployed” before proceeding to the next step.
### Step 6: Update DNS to Point to CloudFront
Finally, you will need to update your DNS records to point to the CloudFront distribution.
Go to your DNS service provider and create a new CNAME record pointing to your CloudFront domain name. You can find the domain name in the output of the “get-distribution” command in the previous step.
It may take some time for the DNS changes to propagate. Once they have propagated, you should be able to access your content via the CloudFront distribution.
Congratulations, you have successfully deployed a CloudFront distribution on AWS using the CLI commands!