Using CloudFront OAC to Serve Static Websites from Private S3 Buckets

Using CloudFront OAC to Serve Static Websites from Private S3 Buckets

Clock Icon2024.08.07

Introduction

Hello, I'm Hemanth from the Alliance Department. In this blog, I will demonstrate how to serve a static website on AWS using a private S3 bucket and CloudFront Origin Access Control (OAC). This approach ensures your content is delivered securely and efficiently.

AWS

Amazon Web Services, or AWS, is a cloud service platform that provides content distribution, database storage, processing capacity, and other features to support corporate expansion. AWS has offered a broad range of services in many different categories, including Compute, Storage, Networking, Database, Management Tools, and Security.

S3

Simple and popular AWS Service for storage. Replicates data by default across multiple facilities. It charges per usage. It is deeply integrated with AWS Services. Buckets are logical storage units. Objects are data added to the bucket. S3 has a storage class on object level which can save money by moving less frequently accessed objects to a colder storage class.

CloudFront

Low latency and fast transfer speeds, Amazon CloudFront is a quick content delivery network (CDN) solution that securely sends data, videos, apps, and APIs to clients all over the world. In addition to providing cutting-edge security capabilities like DDoS defense and field-level encryption, CloudFront interfaces with AWS services.

Demo

Click on Create bucket.
Screenshot 2024-08-06 at 14.08.36
Provide a bucket name and keep other settings as default.
Screenshot 2024-08-06 at 14.14.32
Click on Create bucket.
Screenshot 2024-08-06 at 14.14.45
Bucket successfully created.
Screenshot 2024-08-06 at 14.16.36
Go into the bucket and click on Properties.
Screenshot 2024-08-06 at 14.17.31
Scroll down and click on Edit in the Static website hosting section.
Screenshot 2024-08-06 at 14.17.43
Enable static website hosting, select the hosting type as Static website hosting, and provide your index document name.
Screenshot 2024-08-06 at 14.20.38
Keep other settings as default, scroll down, and click on Save changes.
Screenshot 2024-08-06 at 14.21.57
Successfully edited the static website hosting configuration.
Screenshot 2024-08-06 at 14.34.25
Upload your objects, especially the index.html file, into the S3 bucket.
Screenshot 2024-08-06 at 14.37.06
Screenshot 2024-08-06 at 14.36.34
Search for CloudFront in the AWS Management Console and click on it.
Screenshot 2024-08-06 at 14.39.49
In the security section, click on Origin access.
Screenshot 2024-08-06 at 14.41.04
Click on Create control setting, provide a name, and create the OAC. This OAC will be used to connect CloudFront with the S3 bucket.
Screenshot 2024-08-06 at 14.42.41
Screenshot 2024-08-06 at 14.45.00
Now create the CloudFront distribution by clicking on Create distribution.
Screenshot 2024-08-06 at 14.48.25
In the origin domain, select the previously created S3 bucket, and in the origin access settings, select the previously created OAC.
Screenshot 2024-08-06 at 14.50.26
Disable WAF (Web Application Firewall) as it is not needed currently.
Screenshot 2024-08-06 at 14.53.24
Keep other settings as default and click on Create distribution.
Screenshot 2024-08-06 at 14.54.13
Successfully created the distribution.
Screenshot 2024-08-06 at 14.54.58
Go back to the S3 bucket and click on the Permissions tab.
Screenshot 2024-08-06 at 14.56.32
Click on Edit in the Bucket policy section.
Screenshot 2024-08-06 at 14.57.25
Copy and paste the following bucket policy, making the necessary changes (e.g., bucket name, AWS account number, CloudFront distribution ID). Then click on Save changes.
Screenshot 2024-08-06 at 16.14.03
Screenshot 2024-08-06 at 16.32.14
In CloudFront, go to your distribution and under General settings, click on Edit.
Screenshot 2024-08-07 at 10.36.17
In the default root object, enter index.html and click on Save changes.
Screenshot 2024-08-07 at 10.37.57
Copy the CloudFront distribution domain name and paste it into a new browser tab. Your static website should be successfully deployed and accessible.
Screenshot 2024-08-07 at 10.40.45

Conclusion

S3 and CloudFront with Origin Access Control are two AWS technologies that you may use to host static websites securely and with improved scalability and speed. With this configuration, you can be guaranteed that your material can only be accessed via CloudFront, which increases security and speeds up delivery to users across the globe. This method offers a strong option for hosting static webpages by combining the scalability of S3, the security of OAC, and the performance of CloudFront.

Share this article

facebook logohatena logotwitter logo

© Classmethod, Inc. All rights reserved.