How do I set up CloudFront for an ALB?

Setting up Amazon CloudFront in front of an Application Load Balancer (ALB) lets your applications benefit from the enhanced security, performance, and reliability offered by CloudFront. The example below configures CloudFront to serve content from an ALB.

Steps to Set Up CloudFront with ALB

  1. Create an AWS Application Load Balancer (ALB): This acts as the origin for your distribution.
  2. Set Up the CloudFront Distribution: This places CloudFront in front of the ALB to cache its content and serve it globally.
  3. Associate the ALB with CloudFront: Configure the distribution to point to the appropriate ALB endpoint.

Detailed Example

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// Define the ALB security group
const albSg = new aws.ec2.SecurityGroup("alb_sg", {
    name: "alb_sg",
    description: "Security group for ALB",
    vpcId: "vpc-12345678",
    ingress: [{
        fromPort: 80,
        toPort: 80,
        protocol: "tcp",
        cidrBlocks: ["0.0.0.0/0"],
    }],
    egress: [{
        fromPort: 0,
        toPort: 0,
        protocol: "-1",
        cidrBlocks: ["0.0.0.0/0"],
    }],
});
// Define the ALB
const appLb = new aws.lb.LoadBalancer("app_lb", {
    name: "app-lb",
    internal: false,
    loadBalancerType: "application",
    securityGroups: [albSg.id],
    subnets: [
        "subnet-0123456789abcdef0",
        "subnet-0fedcba9876543210",
    ],
    enableDeletionProtection: false,
});
// Create a listener for the ALB
const appLbListener = new aws.lb.Listener("app_lb_listener", {
    loadBalancerArn: appLb.arn,
    protocol: "HTTP",
    port: 80,
    defaultActions: [{
        type: "fixed-response",
        fixedResponse: {
            contentType: "text/plain",
            messageBody: "Hello from ALB",
            statusCode: "200",
        },
    }],
});
// Create the CloudFront Distribution
// (an Origin Access Identity applies only to S3 origins, so none is defined for the ALB)
const cfDistribution = new aws.cloudfront.Distribution("cf_distribution", {
    origins: [{
        domainName: appLb.dnsName,
        originId: "ALBOrigin",
        // An ALB is a custom origin; the listener above accepts HTTP on port 80 only
        customOriginConfig: {
            httpPort: 80,
            httpsPort: 443,
            originProtocolPolicy: "http-only",
            originSslProtocols: ["TLSv1.2"],
        },
    }],
    enabled: true,
    isIpv6Enabled: true,
    comment: "CloudFront Distribution for ALB",
    defaultRootObject: "index.html",
    defaultCacheBehavior: {
        targetOriginId: "ALBOrigin",
        viewerProtocolPolicy: "redirect-to-https",
        allowedMethods: [
            "GET",
            "HEAD",
        ],
        cachedMethods: [
            "GET",
            "HEAD",
        ],
        forwardedValues: {
            queryString: false,
            cookies: {
                forward: "none",
            },
        },
        minTtl: 0,
        defaultTtl: 3600,
        maxTtl: 86400,
    },
    tags: {
        Name: "ALB-CF-Distribution",
    },
    restrictions: {
        geoRestriction: {
            restrictionType: "none",
        },
    },
    viewerCertificate: {
        cloudfrontDefaultCertificate: true,
    },
});
export const cloudfrontUrl = cfDistribution.domainName;

In this example, the code performs the following actions:

  • Sets up an AWS ALB with an associated security group and listener.
  • Configures CloudFront with the ALB as the origin.
  • Specifies caching behavior and uses CloudFront’s default SSL certificate.
  • Outputs the CloudFront URL.

This configuration ensures that CloudFront serves your ALB content securely and distributes it efficiently worldwide.
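
The listing leaves the ALB's port 80 open to 0.0.0.0/0 and reaches it over HTTP, so clients can still request the origin directly without passing through CloudFront. The check below is an added example, not part of the original answer or Pulumi's own code: it flags those gaps on plain objects that mirror the Pulumi arguments. The interfaces, finding names, prefix list ID and header are assumptions for illustration; the hardened variant presumes ingress limited to the AWS-managed prefix list com.amazonaws.global.cloudfront.origin-facing.

```typescript
// Added example (not Pulumi's code): plain objects mirror the relevant Pulumi arguments.
interface IngressRule { fromPort: number; cidrBlocks?: string[]; prefixListIds?: string[] }
interface Origin {
  customOriginConfig?: { originProtocolPolicy: string };
  customHeaders?: { name: string; value: string }[];
}

// Returns the reasons an ALB origin can be reached or read outside the CloudFront path.
function auditAlbOrigin(ingress: IngressRule[], origin: Origin): string[] {
  const findings: string[] = [];
  for (const rule of ingress) {
    // World-open CIDRs let any client call the ALB directly, skipping CloudFront
    // and whatever controls are attached to the distribution.
    if ((rule.cidrBlocks ?? []).some((c) => c === "0.0.0.0/0" || c === "::/0")) {
      findings.push(`open-ingress:${rule.fromPort}`);
    }
  }
  if (!origin.customOriginConfig) {
    findings.push("missing-custom-origin-config");
  } else if (origin.customOriginConfig.originProtocolPolicy !== "https-only") {
    // viewerProtocolPolicy covers viewer-to-edge only; this leg is edge-to-ALB.
    findings.push("origin-leg-not-https");
  }
  // The CloudFront prefix list admits every distribution, not only yours, so the
  // ALB still needs a shared secret header that a listener rule can match on.
  if ((origin.customHeaders ?? []).length === 0) findings.push("no-origin-secret-header");
  return findings;
}

// Constructed sample mirroring the listing: ingress open to the world, HTTP-only origin.
const listingIngress: IngressRule[] = [{ fromPort: 80, cidrBlocks: ["0.0.0.0/0"] }];
const listingOrigin: Origin = { customOriginConfig: { originProtocolPolicy: "http-only" } };

// Constructed hardened variant; the prefix list ID and header are placeholders.
const hardenedIngress: IngressRule[] = [{ fromPort: 443, prefixListIds: ["pl-PLACEHOLDER"] }];
const hardenedOrigin: Origin = {
  customOriginConfig: { originProtocolPolicy: "https-only" },
  customHeaders: [{ name: "X-Origin-Verify", value: "PLACEHOLDER-SECRET" }],
};

console.log(auditAlbOrigin(listingIngress, listingOrigin));
console.log(auditAlbOrigin(hardenedIngress, hardenedOrigin));
```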
