Saturday, June 29, 2013

How to Manage CloudFront Distribution by CrossFTP

CloudFront is a web service that speeds up distribution of your static and dynamic web content, for example, .html, .css, .php, and image files, to end users. CloudFront delivers your content through a worldwide network of edge locations. CrossFTP provides a CloudFront distribution management tool that makes it easier to configure CloudFront. Just choose CloudFront Distribution -> Manage CloudFront Distributions from the context menu.

First, please make sure you've enabled the Amazon S3 API's CloudFront Distribution option at Sites - Site Manager - S3 - API Set:

Create a new CloudFront Distribution

You can create two types of distributions:
  • A download distribution delivers content using HTTP or HTTPS. Using a download distribution, you can configure CloudFront to access your web content in any combination of up to 10 Amazon S3 buckets and custom origins.
  • A streaming distribution delivers digital media using Adobe Flash Media Server and the Real-Time Messaging Protocol. The origin for a streaming distribution is always one Amazon S3 bucket.
You can specify the following features for a distribution:

  • Alternate Domain Names (CNAMEs): Optional. Specify one or more domain names that you want to use for URLs for your objects instead of the domain name that CloudFront assigns when you create your distribution.
  • Default Root Object: Optional. The object that you want CloudFront to request from your origin (for example, index.html) when a viewer requests the root URL of your distribution instead of an object in your distribution. Specifying a default root object avoids exposing the contents of your distribution.
  • Comment: Optional. Enter any comments that you want to save with the distribution.
  • Logging: Optional. If you want CloudFront to log information about each request for an object and store the log files in an Amazon S3 bucket, select On, and specify the bucket and an optional prefix for the names of the log files. There is no extra charge to enable logging, but you accrue the usual Amazon S3 charges for storing and accessing the files. CloudFront doesn't delete the logs automatically, but you can delete them at any time. 

Update an existing CloudFront Distribution

Similar to creating a CloudFront distribution, you can update an existing distribution, as shown in Fig. 1.
Fig. 1. Update an Existing Distribution

Modify Origin Servers

When you create or update a distribution, you provide information about one or more locations—known as origins—where you store the original versions of your web content. CloudFront gets your web content from your origins and serves it to viewers via a world-wide network of edge servers. You can modify your origin settings in CrossFTP, as shown in Fig. 2. Each origin is either an Amazon S3 bucket or an HTTP server, for example, a web server.

Fig 2. Modify Origin Servers

You can press the Add button to create a new origin, or press the Edit button to modify an existing origin. Fig. 3 shows the create/update dialog for the origin. The main features of the origins are shown below:
  • Origin Types: S3 origin and custom origin.
    • S3 Origin: The origin is an Amazon S3 bucket. The files must be publicly readable unless you secure your content in Amazon S3 by using a CloudFront origin access identity.
    • Custom Origin: origin is an HTTP server, and the files must be publicly readable. 
  • Origin Domain Name: The DNS domain name of the Amazon S3 bucket or HTTP server from which you want CloudFront to get objects for this origin.
  • Origin ID: A string that uniquely distinguishes this origin from other origins in this distribution. If you create cache behaviors in addition to the default cache behavior, you use the origin ID that you specify here to identify the origin to which you want CloudFront to route a request when the request matches the path pattern for that cache behavior.
  • Origin Protocol Policy: The protocol policy that you want CloudFront to use when fetching objects from your origin server. If you specify HTTP Only, CloudFront only uses HTTP to access the origin.
Fig 3. Create/Update an Origin Server 

For an S3 origin, you can create either a public or a private distribution. Private distribution note 1: If you want to create a private distribution, you need to create a new origin access identity or use an existing one that is associated with your AWS account. You also need to grant the origin access identity permission to read objects in your Amazon S3 bucket.

Modify Cache Behaviors

A cache behavior lets you configure a variety of CloudFront functionality for a given URL path pattern for files on your website. For example, one cache behavior might apply to all .jpg files in the images directory on a web server that you're using as an origin server for CloudFront.
When you create a new distribution, you specify settings for the default cache behavior, which automatically forwards all requests to the origin that you specify when you create the distribution. After you create a distribution, you can create additional cache behaviors that define how CloudFront responds when it receives a request for objects that match a path pattern, for example, *.jpg. If you create additional cache behaviors, the default cache behavior is always the last to be processed. Other cache behaviors are processed in the order in which they're listed, as shown in Fig 4.

Fig 4. Modify Cache Behaviors

You can press the Add button to create a cache behavior, or press the Edit button to modify an existing behavior. Fig. 5 shows the cache behavior's editing dialog.

Fig 5. Create/Update a Cache Behavior 
  • Path Pattern: A path pattern (for example, /images/*.jpg) specifies which requests you want this cache behavior to apply to. When CloudFront receives an end-user request, the requested path is compared with path patterns in the order in which cache behaviors are listed in the distribution. The first match determines which cache behavior is applied to that request.
    You can use the following wildcard characters in your path pattern: 
    • * matches 0 or more characters. 
    • ? matches exactly 1 character. 
  • Origin: The value of Origin ID for the origin that you want CloudFront to route requests to when a request matches the path pattern, either for a cache behavior or for the default cache behavior. You set this when you're adding cache behaviors to an existing distribution or updating an existing origin.
  • Viewer Protocol Policy: The protocol policy that you want viewers to use to access your content in the origin specified by Origin. If you specify HTTP and HTTPS, viewers can use both protocols. If you specify HTTPS Only, viewers are only allowed to access your content if they're using HTTPS.
  • Min TTL: The minimum amount of time that you want objects to stay in CloudFront caches before CloudFront queries your origin to see whether the object has been updated. For more information, see Specifying How Long Objects Stay in a CloudFront Edge Cache (Object Expiration).
  • Forward Query Strings: If your origin server returns different versions of an object based on a query string in the URL, toggle it. If your origin returns the same version of an object regardless of the query string, un-toggle it. Un-toggling it increases the likelihood that CloudFront can serve a request from the cache, which improves performance and reduces the load on your origin.
  • Trusted Signers: Add trusted signers only when you're ready to start generating signed URLs for your objects. After you add trusted signers to a distribution, users must use signed URLs to access the objects that match the PathPattern for this cache behavior. Private distribution note 2: You need to have at least one trusted signer before you can sign the URLs for the private distribution objects.
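
Because the first matching path pattern wins, the order of the behaviors decides whether a protected path really requires a signed URL. The following Python sketch is an added example, not CrossFTP or AWS code; the behavior dictionaries, the `self` signer value and the sample paths are constructed for illustration, and patterns and paths are assumed to start with `/`.

```python
import re

def pattern_to_regex(pattern):
    """Translate a path pattern: * is 0 or more characters, ? is exactly 1."""
    out = []
    for ch in pattern:
        out.append(".*" if ch == "*" else "." if ch == "?" else re.escape(ch))
    return re.compile("".join(out), re.S)

def resolve(behaviors, default, path):
    """Return the first listed behavior whose pattern matches, else the default."""
    for b in behaviors:
        if pattern_to_regex(b["pattern"]).fullmatch(path):
            return b
    return default

def unsigned_paths(behaviors, default, paths):
    """Paths served by a behavior with no trusted signers (no signed URL required)."""
    return [p for p in paths if not resolve(behaviors, default, p)["trusted_signers"]]

# Constructed sample: the broad pattern is listed before the protected one.
DEFAULT = {"pattern": "(default)", "trusted_signers": []}
AS_LISTED = [
    {"pattern": "/images/*", "trusted_signers": []},
    {"pattern": "/images/private/*.jpg", "trusted_signers": ["self"]},
]
REORDERED = [AS_LISTED[1], AS_LISTED[0]]
PATHS = ["/images/logo.jpg", "/images/private/scan.jpg", "/index.html"]

if __name__ == "__main__":
    print("as listed:", unsigned_paths(AS_LISTED, DEFAULT, PATHS))
    print("reordered:", unsigned_paths(REORDERED, DEFAULT, PATHS))
```

With the broad `/images/*` behavior listed first, the protected `.jpg` path never reaches the behavior that has trusted signers; listing the more specific pattern first restores the signed-URL requirement.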

Private Distribution Wizard

Fig. 6 shows the private distribution wizard, which helps to create a default private distribution configuration for your CloudFront. It handles two setup steps: 1. Add/select an origin access identity for your first S3 origin; 2. Add trusted signers for your default cache behavior. You can also set up these items in the corresponding origin and cache behavior dialogs if you do not want to use this wizard.
Fig 6. Private Distribution Wizard

Sign URL for Private Distribution

First, you need to make sure your private distribution is properly configured. Here is a checklist:
  1. You have set up the origin access identity on one or more of your S3 origins, and granted it read permission on your bucket by policy or by S3 permission setting.
  2. You have added the trusted signers in your cache behavior.
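
The checklist can be verified mechanically before any URL is signed. The following Python sketch is an added example, not CrossFTP or AWS code; the distribution dictionary is a simplified, hypothetical shape rather than the CloudFront API's, the identity ID and bucket name are placeholders, and only exact `s3:GetObject` grants to an identity ARN are recognised. It also flags a bucket that is still publicly readable, since that lets viewers bypass the signed URLs.

```python
# Principal prefix used in bucket policies for a CloudFront origin access identity.
OAI_PREFIX = "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity "

def _list(v):
    return v if isinstance(v, list) else [v]

def _readers(policy):
    """Yield the principals of every Allow statement that grants s3:GetObject."""
    for st in policy.get("Statement", []):
        if st.get("Effect") == "Allow" and "s3:GetObject" in _list(st.get("Action", [])):
            p = st.get("Principal", {})
            yield from _list(p.get("AWS", []) if isinstance(p, dict) else p)

def audit(dist, policies):
    """Return findings for the two checklist items plus direct public reads."""
    findings = []
    for o in (o for o in dist["origins"] if o["type"] == "s3"):
        readers = list(_readers(policies.get(o["bucket"], {})))
        if not o.get("oai"):
            findings.append(f"{o['id']}: no origin access identity")
        elif OAI_PREFIX + o["oai"] not in readers:
            findings.append(f"{o['id']}: identity has no read permission")
        if "*" in readers:
            findings.append(f"{o['id']}: bucket publicly readable")
    for b in dist["behaviors"]:
        if not b["trusted_signers"]:
            findings.append(f"{b['pattern']}: no trusted signers")
    return findings

# Constructed sample input: identity set, but the bucket policy is still public.
DIST = {
    "origins": [{"id": "s3-media", "type": "s3", "bucket": "example-media",
                 "oai": "E2EXAMPLEOAI"}],
    "behaviors": [{"pattern": "default", "trusted_signers": []}],
}
POLICIES = {"example-media": {"Statement": [
    {"Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-media/*"},
]}}

if __name__ == "__main__":
    for finding in audit(DIST, POLICIES):
        print(finding)
```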

CloudFront Invalidation

You can remove one or multiple files from all edge locations prior to the expiration date set on those files. Check this URL for more details:

CrossFTP is an FTP, SFTP, FXP, WebDav, Amazon S3, Amazon Glacier and Google Cloud Storage client for Windows, Mac, and Linux.
CrossFTP Team

