
How do I build an AWS CloudFront distribution?

To set up an AWS CloudFront distribution, you’ll need to follow a few steps to configure the origin, behaviors, and settings for your distribution. This guide will show you how to set up a CloudFront distribution using an S3 bucket as the origin.

Explanation:

  1. AWS Provider: This segment sets up the AWS provider to interact with AWS services.
  2. S3 Bucket: Creates an S3 bucket to serve as the origin for the CloudFront distribution.
  3. Origin Access Identity (OAI): A CloudFront identity that the bucket policy names as its principal, so the bucket stays private and is read only through CloudFront.
  4. Bucket Policy: Grants CloudFront (via OAI) permissions to read from the S3 bucket.
  5. CloudFront Distribution: The main resource that configures the CloudFront distribution with specified settings.

```typescript
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// Create an S3 bucket to serve as the CloudFront origin.
// New buckets are private by default, so no ACL is set here.
const bucket = new aws.s3.BucketV2("bucket", {
    bucket: "my-example-bucket",
});
// Separate bucket for access logs: the origin bucket policy below lets CloudFront
// read every object, so logs stored in the origin bucket would be served to viewers.
// CloudFront standard logging delivers via bucket ACLs, so ACLs must be enabled here.
const logBucket = new aws.s3.BucketV2("log_bucket");
const logBucketOwnership = new aws.s3.BucketOwnershipControls("log_bucket_ownership", {
    bucket: logBucket.id,
    rule: { objectOwnership: "BucketOwnerPreferred" },
});
// Create an Origin Access Identity (OAI) for CloudFront.
// OAI is the legacy mechanism; AWS recommends Origin Access Control (OAC) for new distributions.
const oai = new aws.cloudfront.OriginAccessIdentity("oai", {comment: "OAI for my-example-bucket"});
// Attach a bucket policy to grant CloudFront access to the S3 bucket
const bucketPolicy = new aws.s3.BucketPolicy("bucket_policy", {
    bucket: bucket.id,
    policy: pulumi.jsonStringify({
        Version: "2012-10-17",
        Statement: [{
            Effect: "Allow",
            Principal: {
                // iamArn is the OAI's full IAM ARN; cloudfrontAccessIdentityPath is
                // a path ("origin-access-identity/cloudfront/<id>"), not an ARN suffix.
                AWS: oai.iamArn,
            },
            Action: "s3:GetObject",
            Resource: pulumi.interpolate`${bucket.arn}/*`,
        }],
    }),
});
// Create the CloudFront distribution
const distribution = new aws.cloudfront.Distribution("distribution", {
    origins: [{
        // Regional endpoint of the origin bucket
        domainName: bucket.bucketRegionalDomainName,
        originId: pulumi.interpolate`S3-${bucket.id}`,
        s3OriginConfig: {
            originAccessIdentity: oai.cloudfrontAccessIdentityPath,
        },
    }],
    enabled: true,
    isIpv6Enabled: true,
    defaultRootObject: "index.html",
    defaultCacheBehavior: {
        allowedMethods: [
            "GET",
            "HEAD",
        ],
        cachedMethods: [
            "GET",
            "HEAD",
        ],
        targetOriginId: pulumi.interpolate`S3-${bucket.id}`,
        forwardedValues: {
            queryString: false,
            cookies: {
                forward: "none",
            },
        },
        // Plain-HTTP requests are redirected to HTTPS
        viewerProtocolPolicy: "redirect-to-https",
        minTtl: 0,
        defaultTtl: 3600,
        maxTtl: 86400,
    },
    loggingConfig: {
        // The log target is a bucket domain name; the key prefix is a separate field.
        bucket: logBucket.bucketDomainName,
        prefix: "logs/",
    },
    restrictions: {
        geoRestriction: {
            restrictionType: "none",
        },
    },
    viewerCertificate: {
        cloudfrontDefaultCertificate: true,
    },
    tags: {
        Name: "my-cloudfront-distribution",
    },
}, { dependsOn: [logBucketOwnership] });
export const cloudfrontDistributionDomain = distribution.domainName;
```
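
The bucket policy is the control that keeps the origin private, so it is worth checking the rendered JSON before deploying. The following is an added example, not part of the original answer or of Pulumi's code: a standalone check that an origin bucket policy grants only `s3:GetObject` on objects in the bucket to a well-formed OAI principal. The function name, the OAI ID `E1EXAMPLE0AI` and the three sample policies are constructed for illustration.

```typescript
// Added example: audit a bucket policy intended for a CloudFront OAI origin.
// All names and sample policies here are constructed for illustration.
type PolicyStatement = {
    Effect: string;
    Principal: "*" | { AWS?: string | string[] };
    Action: string | string[];
    Resource: string | string[];
};
type BucketPolicyDoc = { Version: string; Statement: PolicyStatement[] };

// Form of the IAM ARN that identifies an OAI in a bucket policy.
const OAI_ARN = /^arn:aws:iam::cloudfront:user\/CloudFront Origin Access Identity [A-Z0-9]+$/;
const asList = (v?: string | string[]): string[] =>
    v === undefined ? [] : Array.isArray(v) ? v : [v];

function auditOriginPolicy(policy: BucketPolicyDoc, bucketArn: string): string[] {
    const findings: string[] = [];
    policy.Statement.forEach((s, i) => {
        if (s.Effect !== "Allow") return; // Deny statements only narrow access
        const principals = s.Principal === "*" ? ["*"] : asList(s.Principal.AWS);
        if (principals.length === 0) findings.push(`stmt ${i}: no AWS principal`);
        for (const p of principals) {
            if (p === "*") findings.push(`stmt ${i}: public principal`);
            else if (!OAI_ARN.test(p)) findings.push(`stmt ${i}: principal is not a well-formed OAI ARN`);
        }
        for (const a of asList(s.Action)) {
            if (a !== "s3:GetObject") findings.push(`stmt ${i}: ${a} exceeds read-only access`);
        }
        for (const r of asList(s.Resource)) {
            if (!r.startsWith(`${bucketArn}/`)) findings.push(`stmt ${i}: ${r} is not an object path in the bucket`);
        }
    });
    return findings;
}

const BUCKET_ARN = "arn:aws:s3:::my-example-bucket";
const OAI = "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity E1EXAMPLE0AI";
const doc = (principal: PolicyStatement["Principal"], action: string, resource: string): BucketPolicyDoc => ({
    Version: "2012-10-17",
    Statement: [{ Effect: "Allow", Principal: principal, Action: action, Resource: resource }],
});
const scoped = doc({ AWS: OAI }, "s3:GetObject", `${BUCKET_ARN}/*`);
// Principal built from the OAI path instead of the OAI's IAM ARN
const malformed = doc(
    { AWS: "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity origin-access-identity/cloudfront/E1EXAMPLE0AI" },
    "s3:GetObject", `${BUCKET_ARN}/*`);
const wideOpen = doc("*", "s3:*", BUCKET_ARN);

const samples: [string, BucketPolicyDoc][] = [["scoped", scoped], ["malformed", malformed], ["wideOpen", wideOpen]];
samples.forEach(([label, p]) => console.log(label, auditOriginPolicy(p, BUCKET_ARN)));
```

The same function can be pointed at the JSON returned by `aws s3api get-bucket-policy` for a deployed bucket.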

Summary:

In this guide, you learned how to create an AWS CloudFront distribution with an S3 bucket origin and an Origin Access Identity (OAI) to securely serve content. This setup ensures that content is distributed globally with low latency using AWS CloudFront.
