0
0
AwsHow-ToBeginner · 4 min read

How to Create AWS CloudFront Distribution: Step-by-Step Guide

To create a CloudFront distribution, define the origin (where your content lives) and configure settings like caching and SSL. You can create it via the AWS Management Console or using AWS CLI with the create-distribution command specifying your origin domain and default cache behavior.
📐

Syntax

The basic syntax to create a CloudFront distribution using AWS CLI involves specifying the origin domain and cache behavior settings in a JSON configuration file. Key parts include:

  • Origins: The source of your content, like an S3 bucket or web server.
  • DefaultCacheBehavior: How CloudFront handles requests, including allowed HTTP methods and caching.
  • Enabled: Whether the distribution is active.
json
{
  "CallerReference": "unique-string",
  "Origins": {
    "Quantity": 1,
    "Items": [
      {
        "Id": "origin1",
        "DomainName": "example-bucket.s3.amazonaws.com",
        "S3OriginConfig": {"OriginAccessIdentity": ""}
      }
    ]
  },
  "DefaultCacheBehavior": {
    "TargetOriginId": "origin1",
    "ViewerProtocolPolicy": "redirect-to-https",
    "AllowedMethods": {
      "Quantity": 2,
      "Items": ["GET", "HEAD"]
    },
    "ForwardedValues": {
      "QueryString": false,
      "Cookies": {"Forward": "none"}
    },
    "TrustedSigners": {"Enabled": false, "Quantity": 0}
  },
  "Enabled": true
}
💻

Example

This example shows how to create a CloudFront distribution using AWS CLI with a JSON config file. It sets an S3 bucket as the origin and enables HTTPS redirect.

bash
# Save this JSON as config.json
{
  "CallerReference": "unique-12345",
  "Origins": {
    "Quantity": 1,
    "Items": [
      {
        "Id": "S3-origin",
        "DomainName": "my-example-bucket.s3.amazonaws.com",
        "S3OriginConfig": {"OriginAccessIdentity": ""}
      }
    ]
  },
  "DefaultCacheBehavior": {
    "TargetOriginId": "S3-origin",
    "ViewerProtocolPolicy": "redirect-to-https",
    "AllowedMethods": {
      "Quantity": 2,
      "Items": ["GET", "HEAD"]
    },
    "ForwardedValues": {
      "QueryString": false,
      "Cookies": {"Forward": "none"}
    },
    "TrustedSigners": {"Enabled": false, "Quantity": 0}
  },
  "Enabled": true
}

# Run this command in terminal
aws cloudfront create-distribution --distribution-config file://config.json
Output
{ "Distribution": { "Id": "E123ABC456DEF", "Status": "InProgress", "DomainName": "d123abc.cloudfront.net", "Enabled": true }, "Location": "https://cloudfront.amazonaws.com/2020-05-31/distribution/E123ABC456DEF", "ETag": "E2QWRUHAPOMQZL" }
⚠️

Common Pitfalls

Common mistakes when creating CloudFront distributions include:

  • Using incorrect origin domain names, causing CloudFront to fail fetching content.
  • Not enabling the distribution after creation, so it stays inactive.
  • Forgetting to set ViewerProtocolPolicy to redirect HTTP to HTTPS, which can cause security issues.
  • Misconfiguring cache behaviors, leading to stale or missing content.

Always double-check your JSON config and test the distribution URL after creation.

json
Wrong example (missing Enabled flag):
{
  "CallerReference": "unique-123",
  "Origins": {"Quantity":1,"Items":[{"Id":"origin1","DomainName":"example.com","S3OriginConfig":{"OriginAccessIdentity":""}}]},
  "DefaultCacheBehavior": {"TargetOriginId":"origin1","ViewerProtocolPolicy":"allow-all","AllowedMethods":{"Quantity":2,"Items":["GET","HEAD"]},"ForwardedValues":{"QueryString":false,"Cookies":{"Forward":"none"}},"TrustedSigners":{"Enabled":false,"Quantity":0}}
}

Right example (Enabled true):
{
  "CallerReference": "unique-123",
  "Origins": {"Quantity":1,"Items":[{"Id":"origin1","DomainName":"example.com","S3OriginConfig":{"OriginAccessIdentity":""}}]},
  "DefaultCacheBehavior": {"TargetOriginId":"origin1","ViewerProtocolPolicy":"redirect-to-https","AllowedMethods":{"Quantity":2,"Items":["GET","HEAD"]},"ForwardedValues":{"QueryString":false,"Cookies":{"Forward":"none"}},"TrustedSigners":{"Enabled":false,"Quantity":0}},
  "Enabled": true
}
📊

Quick Reference

Here is a quick summary of key CloudFront distribution settings:

SettingDescriptionExample Value
CallerReferenceUnique string to identify the request"unique-12345"
OriginsList of origin servers for content[{"Id":"origin1","DomainName":"example.com"}]
DefaultCacheBehaviorRules for caching and request handling{"ViewerProtocolPolicy":"redirect-to-https"}
EnabledWhether distribution is activetrue
ViewerProtocolPolicyHTTP to HTTPS redirect policy"redirect-to-https"
AllowedMethodsHTTP methods allowed["GET", "HEAD"]

Key Takeaways

Always specify a valid origin domain when creating a CloudFront distribution.
Set Enabled to true to activate the distribution after creation.
Use ViewerProtocolPolicy 'redirect-to-https' to enforce secure connections.
Test your distribution URL to confirm content delivery works as expected.
Use AWS CLI with a JSON config file for repeatable and clear distribution setup.

Related by keyword

How to Configure AWS CLI: Step-by-Step GuideGetting StartedHow to Create AWS Account: Step-by-Step GuideGetting StartedHow to Install AWS CLI: Step-by-Step GuideGetting StartedHow to Create IAM Group in AWS: Step-by-Step GuideIAMHow to Create IAM Policy in AWS: Step-by-Step GuideIAM

Up next

How to Use Global Tables in DynamoDB for Multi-Region ReplicationWhat is DynamoDB in AWS: Simple Explanation and Use CasesA Record vs CNAME vs Alias in Route 53: Key Differences and UsageHow to Create a Hosted Zone in AWS Route 53

More in CloudFront

CloudFront vs S3 Direct Access: Key Differences and When to Use EachHow to Invalidate CloudFront Cache Quickly and CorrectlyHow to Set Cache Policy in AWS CloudFrontHow to Use AWS CloudFront with Application Load Balancer (ALB)