Table of Contents

• Settings
• Topics
  • Price Class
  • Ensure users S3 content only through Cloudfront
  • Zone ID of CloudFront Distributions
• How-to
  • Use custom domain and its ACM (AWS Certificate Manager)
  • Redirect HTTP to HTTPS
  • Invalidate objects (Web Dist Only)

Settings

Topics

Price Class

Price Classes let you reduce your delivery prices by excluding Amazon CloudFront’s more expensive edge locations from your Amazon CloudFront distribution.

Ensure users S3 content only through Cloudfront

1. Create origin_{accessidentity}

2. Allow this identity to access your private S3 bucket by updating bucket policy

   {
     "Version":"2012-10-17",
     "Id":"PolicyForCloudFrontPrivateContent",
     "Statement":[
       {
         "Sid":" Grant a CloudFront Origin Identity access to support private content",
         "Effect":"Allow",
         "Principal":{"CanonicalUser":"79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be"},
         "Action":"s3:GetObject",
         "Resource":"arn:aws:s3:::example-bucket/*"
       }
     ]
   }

3. Set the identity to the cloudfront distribution.

Zone ID of CloudFront Distributions

It's globally a single one, which is Z2FDTNDATAQYW2

How-to

Use custom domain and its ACM (AWS Certificate Manager)

• Only supports ACM issued in us-east-1 (N. Virginia)

You must list any custom domain names (for example, www.example.com) that you use in addition to the CloudFront domain name (for example, d1234.cloudfront.net) for the URLs for your files. Specify up to 100 CNAMEs separated with commas or put each on a new line. You also must create a CNAME record with your DNS service to route queries for www.example.com to d1234.cloudfront.net. For more information, see the Help.

• You should create ALIAS records.

If you want to use ACM for both apex domain and subdomains, you should specify apex domain(example.com) along with wildcard domain(*.example.com) when you create ACM

Redirect HTTP to HTTPS

Within Behaviros tab:

Invalidate objects (Web Dist Only)

• Just put * to invalidate all objects.

Or you can use awscli as follows:

aws cloudfront create-invalidation --distribution-id <ID> --paths '/*'

• The first 1,000 invalidation paths that you submit per month are free;
• An invalidation path can be for a single object (such as /images/logo.jpg) or for multiple objects (such as /images/*).
• A path that includes the * wildcard counts as one path even if it causes CloudFront to invalidate thousands of objects.