The following steps below are to set up an Amazon CloudFront distribution with the S3 endpoint type as the origin. As the origin, use a REST API endpoint with OAI.
1. access restrictions. We utilize the Amazon S3 console to establish a bucket and upload the website files.
In addition, we enter the following for the use case:
a) The bucket we built has an origin domain name.
b) Bucket Access Restrictions: Yes.
c) Create a New Identity for Origin Access.
d) Note: This is the default value. Alternatively, we might give the OAI a unique label.
e) Grant Bucket Read Permissions: Yes, the Bucket Policy should be updated.
3. To configure SSL, pick Default CloudFront Certificate from the SSL Certificate drop-down menu. Alternatively, you can use a Custom SSL Certificate.
To request a new certificate, we can choose Request or Import a Certificate using ACM.
If we have any Alternate domain names (CNAMEs) for the distribution, they should all be compatible with the SSL certificate we choose.
As the origin, use a website endpoint with anonymous access. This grants public read access to the bucket on the website.
Use a website endpoint as the origin, with a Referrer header limiting access.
We enter a random or secret value to restrict access to the origin.
5. Finally, we choose Create Distribution.
After that, we implement a bucket policy that lets us to use s3: GetObject. This is subject to the condition that the request contains the custom.
On the other hand, any request that does not include the custom Referrer header would be denied access.
To do so, we employ a bucket policy with an explicit deny statement.
At Velan, our server support engineers can help to set up Amazon CloudFront to Serve a Static Website. If you are interested in our service, please fill the Quick connect form to get in touch with us.