Ends in
00
days
00
hrs
00
mins
00
secs
ENROLL NOW

🎁 Get 20% Off - Christmas Big Sale on All Practice Exams, Video Courses, and eBooks!

Lightning-Fast Static Website with Amazon S3 and CloudFront with Origin Access Control (OAC)

Harnessing the power of Amazon S3 and CloudFront, with the added advantage of Origin Access Control (OAC), offers many benefits for hosting a static website. With Amazon S3’s reliable and scalable storage, with CloudFront’s global content delivery network, a website can provide lightning-fast access to users worldwide.

Implementing OAC adds an essential layer of security that prevents direct access to the S3 bucket, mitigating potential security risks. OAC is also empowered with fine-grained control over access permissions, enabling us to define specific rules and restrictions.

In this step-by-step guide, we will delve into the seamless integration of Amazon S3, CloudFront, and Origin Access Control (OAC) to deploy a lightning-fast static website. Throughout this article, we will gain valuable insights and practical instructions to successfully deploy and leverage the remarkable capabilities of S3, CloudFront, and OAC, ensuring that a static website loads quickly, remain highly available, and provides an exceptional browsing experience.

Let us get started!

S3 bucket configuration

We have an existing S3 private bucket named tutorials-dojo-react-build-files. This bucket contains the build files for the static website. All of these objects are private and do not need to make public throughout this deployment.

Lightning-Fast Static Website with Amazon S3 and CloudFront with Origin Access Control (OAC)

NOTE: Observe that the Static website hosting is DISABLED

Lightning-Fast Static Website with Amazon S3 and CloudFront with Origin Access Control (OAC) 2

Creating Origin Access Control (OAC)

  • In the AWS Management Console, go to CloudFront, under Security, Create a Control Setting.

Lightning-Fast Static Website with Amazon S3 and CloudFront with Origin Access Control (OAC) 3

NOTE: Make sure that the Sign requests (recommended) option is selected

Create CloudFront Distribution

  • From CloudFront Dashboard, Click Distribution, then Create Distribution

Tutorials dojo strip

Select the target bucket from the dropdown:

Lightning-Fast Static Website with Amazon S3 and CloudFront with Origin Access Control (OAC) 4

  • In Origin Access, select Origin access control settings (recommended). Then select the OAC created from the previous steps.

Lightning-Fast Static Website with Amazon S3 and CloudFront with Origin Access Control (OAC) 5

NOTE: Unlike the legacy settings for Origin Access Identity (OAI), where there is an option to update the bucket policy automatically. For this setup, it needs to be manually updated always.

  • Leave the Default settings and then proceed to “Create Distribution”

Lightning-Fast Static Website with Amazon S3 and CloudFront with Origin Access Control (OAC) 6

After the “Distribution” is created, a bucket policy will be created. Make sure to copy and update the bucket policy in the S3 bucket. Then Save Changes.

Lightning-Fast Static Website with Amazon S3 and CloudFront with Origin Access Control (OAC) 7

  • Go Back to the created CloudFront Distribution and Edit the Settings:

Lightning-Fast Static Website with Amazon S3 and CloudFront with Origin Access Control (OAC) 8

  • Fill the Default root object with index.html

Lightning-Fast Static Website with Amazon S3 and CloudFront with Origin Access Control (OAC) 9

NOTE: Adding “index.html” as the default root object in the CloudFront distribution is essential for ensuring that visitors to the website can access the desired content without specifying the exact file name in the URL. By setting “index.html” as the default root object, CloudFront knows to look for this file and automatically serve it to the user. This eliminates the need for users to explicitly include “index.html” in the URL.

Access the website

  • Copy the distribution domain name from the CloudFront Distribution created previously:

Lightning-Fast Static Website with Amazon S3 and CloudFront with Origin Access Control (OAC) 10

  • Open the browser and paste the domain name in this example dgx107u4pf1u3.cloudfront.net. As we can see, the website can already be accessed from CloudFront.

Lightning-Fast Static Website with Amazon S3 and CloudFront with Origin Access Control (OAC) 11

  • Check if the website can be accessed from the CloudFront domain alone. If we try to access using S3 URL, we will encounter the following error:

Lightning-Fast Static Website with Amazon S3 and CloudFront with Origin Access Control (OAC) 12

This demonstrates the enhanced security and access control of this setup. OAC acts as a protective barrier, allowing only trusted sources like our CloudFront distribution to interact with the S3 bucket where our static website files are stored. By preventing direct access to the S3 bucket, OAC reduces the risk of unauthorized access attempts and potential data breaches.

Upon confirming this, we completed deploying a lightning-fast static website using Amazon S3 and CloudFront. We can now deliver our website content quickly and efficiently to users worldwide. With S3’s reliable storage, CloudFront’s global content delivery network, and the added benefits of Origin Access Control (OAC), we have the tools to create a secure, scalable, high-performance website.

 

References:

https://aws.amazon.com/blogs/networking-and-content-delivery/amazon-cloudfront-introduces-origin-access-control-oac

 

Get 20% Off – Christmas Big Sale on All Practice Exams, Video Courses, and eBooks!

Tutorials Dojo portal

Learn AWS with our PlayCloud Hands-On Labs

Tutorials Dojo Exam Study Guide eBooks

tutorials dojo study guide eBook

FREE AWS Exam Readiness Digital Courses

FREE AWS, Azure, GCP Practice Test Samplers

Subscribe to our YouTube Channel

Tutorials Dojo YouTube Channel

Follow Us On Linkedin

Recent Posts

Written by: Bill Junidez Liad

Bill works as a Cloud and DevOps Engineer and is situated in the Philippines. He is actively engaged in furthering his knowledge of the cloud and has significant experience with Web Application Development and Amazon Web Services (AWS). He presently has three AWS Associate certifications. He enjoys biking outside of tech.

AWS, Azure, and GCP Certifications are consistently among the top-paying IT certifications in the world, considering that most companies have now shifted to the cloud. Earn over $150,000 per year with an AWS, Azure, or GCP certification!

Follow us on LinkedIn, YouTube, Facebook, or join our Slack study group. More importantly, answer as many practice exams as you can to help increase your chances of passing your certification exams on your first try!

View Our AWS, Azure, and GCP Exam Reviewers Check out our FREE courses

Our Community

~98%
passing rate
Around 95-98% of our students pass the AWS Certification exams after training with our courses.
200k+
students
Over 200k enrollees choose Tutorials Dojo in preparing for their AWS Certification exams.
~4.8
ratings
Our courses are highly rated by our enrollees from all over the world.

What our students say about us?