In today’s digital landscape, delivering content quickly and efficiently is crucial for providing an excellent user experience. As more businesses shift to cloud solutions, leveraging services like Amazon S3 and AWS CloudFront can help create a scalable and cost-effective content delivery system tailored to users' needs.
In this project, we will develop a robust solution that allows for the storage and retrieval of various content types—such as images, videos, and documents—using Amazon S3. By integrating AWS CloudFront, we will ensure fast and secure distribution of this content to users around the globe. Additionally, we’ll implement access controls using AWS Identity and Access Management (IAM) to manage user permissions and restrict content access based on specific roles.
Key AWS Services Utilized
Amazon S3: This service will serve as our primary storage solution for content files, providing durability and high availability.
AWS CloudFront: We will use CloudFront to deliver our content with low latency and high transfer speeds, enhancing the user experience regardless of their geographical location.
AWS IAM: This service will help us manage permissions and create user roles, ensuring that our content is accessed securely.
Lambda@Edge (optional): For those looking to add an extra layer of customization, Lambda@Edge will allow us to implement dynamic authorization or personalization logic based on user attributes like location or device type. However, I did not work on this, but I can guide you through it.
In this blog, we will walk through the step-by-step process of building this personalized content delivery system, exploring how each AWS service plays a vital role in the architecture.
Steps
1 . Log into Your AWS Console
- Open the AWS Console and log in with your credentials.
2 . Create an S3 Bucket to Store Your Content
Go to services and click on S3
Click Create bucket
Give your bucket a unique name (e.g., adah-content-delvery-bucket).
Select a region
Keep public access disabled (leave Block all public access checked) for security.
Create bucket.
Upload Content
- Open your bucket, click Upload, and add a few files (e.g., images or documents) to be used as content.
- Make sure the files are not publicly accessible (we’ll manage access via CloudFront).
3 . Set Up an AWS CloudFront Distribution
Go to Services and click on CloudFront
Click Create Distribution and choose Web as the distribution method.
Under Origin Settings:
- Origin Domain: Select your S3 bucket from the dropdown
- Restrict Bucket Access: Set this to Yes to restrict access to only CloudFront requests.
- Origin Access Control: Create a new origin access control (OAC) to securely link CloudFront to your S3 bucket.
Default Cache Behaviour:
- Viewer Protocol Policy: Choose Redirect HTTP to HTTPS for secure access.
- Allowed HTTP Methods: Select GET, HEAD
Distribution Settings:
- Price Class: Select Use only North America and Europe to save costs if you are only testing.
- Click Create Distribution.
After creation, CloudFront will take a few minutes to deploy.
4 . Secure Your S3 Bucket with a Bucket Policy
Go back to S3, open your bucket, and go to the Permissions tab.
Under Bucket Policy, add a policy to allow CloudFront to access your bucket, but deny direct access to users.
(Replace my-content-delivery-bucket and your_Cloudfront_ID with your values as below).
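The policy described in this step, as an added example that is not the author's original: it builds the standard OAC read-only statement and audits a bucket policy for Allow statements that are not pinned to your distribution. The account ID 111122223333 is a constructed placeholder; the bucket name and your_Cloudfront_ID are the placeholders named above.

```javascript
// Added example. Direct access stays denied because nothing else is allowed
// and Block Public Access is on; ACCOUNT_ID is a constructed placeholder.
const BUCKET = "my-content-delivery-bucket";
const DISTRIBUTION_ID = "your_Cloudfront_ID";
const ACCOUNT_ID = "111122223333";

function buildOacBucketPolicy(bucket, accountId, distributionId) {
  return {
    Version: "2012-10-17",
    Statement: [{
      Sid: "AllowCloudFrontServicePrincipalReadOnly",
      Effect: "Allow",
      Principal: { Service: "cloudfront.amazonaws.com" },
      Action: "s3:GetObject",
      Resource: `arn:aws:s3:::${bucket}/*`,
      Condition: {
        StringEquals: {
          "AWS:SourceArn": `arn:aws:cloudfront::${accountId}:distribution/${distributionId}`,
        },
      },
    }],
  };
}

// Returns a list of findings; an empty list means every Allow statement is
// limited to the CloudFront service principal and pinned to expectedArn.
function auditBucketPolicy(policy, expectedArn) {
  const findings = [];
  for (const s of [].concat(policy.Statement || [])) {
    if (s.Effect !== "Allow") continue;
    const id = s.Sid || "(no Sid)";
    const p = s.Principal;
    if (p === "*" || (p && p.AWS === "*")) {
      findings.push(`${id}: wildcard principal allows direct access`);
      continue;
    }
    if (!p || p.Service !== "cloudfront.amazonaws.com") {
      findings.push(`${id}: principal is not the CloudFront service`);
    }
    const se = (s.Condition && s.Condition.StringEquals) || {};
    const key = Object.keys(se).find((k) => k.toLowerCase() === "aws:sourcearn");
    if (!key || se[key] !== expectedArn) {
      findings.push(`${id}: not pinned to this distribution via AWS:SourceArn`);
    }
  }
  return findings;
}
```

`JSON.stringify(buildOacBucketPolicy(BUCKET, ACCOUNT_ID, DISTRIBUTION_ID), null, 2)` gives the text to paste into the Bucket Policy editor once the placeholders are replaced.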
5 . Set Up IAM Roles and Policies for Access Control
- Go to services and click on IAM
- Create roles for users if necessary, defining who has access to different parts of the content.
Choose Trusted Entity:
- Select AWS service if the role will be used by AWS resources (like Lambda) or Another AWS account if assigning roles to users within another AWS account.
Click Next: Permissions and search for the policy you created earlier (e.g., S3ReadOnlyAccessForCloudFront).
Select the policy and click Next: Tags (you can skip tags).
Click Next: Review.
Viewer Role: Assigns the S3ReadOnlyAccessForCloudFront policy to allow basic read-only access to S3 content.
Admin Role: If you have administrators who need more control, create a separate policy and role with broader permissions (e.g., listing and deleting objects).
Name the role, then click Create role.
6 . Add Lambda@Edge for Personalization (Optional)
If you want to add personalization (e.g., show content based on location), go to Lambda, click Create Function
Choose Author from scratch, then select Lambda@Edge as the trigger.
Write a basic function to inspect the user’s location or device type and adjust content URLs accordingly.
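A sketch of such a function, as an added example that is not the author's code: it assumes an origin-request trigger with the CloudFront-Viewer-Country and CloudFront-Is-Mobile-Viewer headers forwarded to the function, and a hypothetical folder layout (/images/eu/, /images/na/, /images/mobile/). Variants come from a fixed allow-list, so no header value is ever copied into the object path.

```javascript
// Added example; the country-to-folder map and folder names are hypothetical.
const REGION_PREFIX = new Map([
  ["DE", "eu"], ["FR", "eu"], ["NL", "eu"], ["US", "na"], ["CA", "na"],
]);

function headerValue(headers, name) {
  const h = headers[name]; // CloudFront lower-cases header keys in the event
  return h && h.length ? h[0].value : undefined;
}

// Rewrites /images/<file> to /images/<variant>/<file>. Anything that is not a
// single plain file name under /images/ is passed through unchanged.
function personalizeUri(request) {
  const m = /^\/images\/([A-Za-z0-9._-]+)$/.exec(request.uri);
  if (!m || m[1].includes("..")) return request;
  const country = headerValue(request.headers, "cloudfront-viewer-country");
  const mobile =
    headerValue(request.headers, "cloudfront-is-mobile-viewer") === "true";
  const variant = mobile ? "mobile" : REGION_PREFIX.get(country);
  if (variant) request.uri = `/images/${variant}/${m[1]}`;
  return request;
}

// Lambda@Edge entry point: return the (possibly rewritten) request to CloudFront.
async function handler(event) {
  return personalizeUri(event.Records[0].cf.request);
}
if (typeof module !== "undefined") module.exports = { handler };
```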
7 . Test Your Content Delivery System
- Access the CloudFront URL: Go to the CloudFront Distributions page, copy your CloudFront Domain Name
Append a file name to the URL to test access. For example, my CloudFront Domain Name is d3mbct2avaaf76.cloudfront.net
Folder in S3 = images
File name = myfile.jpg
Then, the complete CloudFront URL would be:
https://d3mbct2avaaf76.cloudfront.net/images/myfile.jpg
The folder structure in S3 is reflected in the CloudFront URI, so ensure you include any folder paths between the CloudFront domain name and the file name.
Ensure access is restricted as planned and that files load correctly through CloudFront.
If everything is set up correctly (including the S3 bucket policy, OAC, and CloudFront settings), the image should load through this URL.
8 . Set Up Monitoring in CloudWatch
Go to services and click CloudWatch
Set up basic monitoring for your CloudFront distribution to see request counts, cache hits/misses, and errors.
Optional: Add CloudWatch Alarms if you want to be notified of unusual activity.
By following these steps, you will have:
Configured S3 to store and secure your content.
Created a CloudFront distribution for fast and secure global access.
Set up access policies and optional Lambda functions for personalization.
This setup is cost-effective and scalable, making it an ideal AWS project to showcase your skills.