If you want to speed up your website, reduce load times, and improve security, AWS CloudFront is your best bet. CloudFront is a Content Delivery Network (CDN) that distributes your website’s content through AWS edge locations worldwide, ensuring users get faster access with low latency.
In this guide, we will learn how to set up AWS CloudFront, configure it with Amazon S3, and avoid common mistakes to get the best performance.
Why Use AWS CloudFront?
If your website or app serves images, videos, APIs, or static files, CloudFront can:
1. Make your content load faster by caching it in edge locations near users.
2. Reduce bandwidth costs by serving cached files instead of making requests to your main server.
3. Improve security with SSL/TLS encryption and DDoS protection using AWS Shield.
4. Work seamlessly with AWS S3, EC2, API Gateway and Lambda@Edge.
Setting Up AWS CloudFront on the AWS Management Console
Step 1: Search for CloudFront in services and click the CloudFront link.

Step 2: Click on Create Distribution.

Step 3: Click on Get Started

Step 4: Choose the origin domain name of the S3 bucket you created. Keep all the settings as default. Click on create a distribution.

Step 5: Our AWS CloudFront is created.

Setting Up S3 Bucket on AWS Management Console
Step 1: Go to Services in the AWS Management Console and type S3. Click on the S3 service link.

Step 2: Click on Create bucket.

Step 3: Write the name of the bucket, select the region. Click Create.

Step 4: The S3 bucket is created. Click on the link of the bucket name.

Step 5: Click on upload to upload the desired files you want to store in S3.

Step 6: Click on Add files and add files from your system.

Step 7: The added file will be visible now. Now upload this file by clicking on the Upload button.

Step 8: The files are now uploaded in your S3 bucket and ready for use.

Key Mistakes to Avoid with AWS CloudFront
Even though CloudFront is a powerful tool, it’s easy to mess things up. Here are some mistakes you should avoid:
1. Caching Issues (Serving Old Content)
One of the most common problems is CloudFront serving outdated files even after you upload new versions.
Solution:
- Set proper cache-control headers (max-age, s-maxage) on your S3 objects.
- If you update your content, invalidate the cache to remove outdated files.
- Use the command:
aws cloudfront create-invalidation --distribution-id <id> --paths "/*"
2. Not Configuring SSL Correctly
If you’re using a custom domain, you must use HTTPS for security.
Solution:
- Use AWS Certificate Manager (ACM) to generate a free SSL certificate.
- Attach it to your CloudFront distribution to avoid SSL/TLS errors.
3. Wrong Access Control Settings
If some users can’t access your files or see permission errors, you may have incorrect access settings.
Solution:
- Use Signed URLs or Signed Cookies for private content.
- Enable Origin Access Identity (OAI) to restrict access to the S3 bucket.
4. Incorrect Origin Settings
If CloudFront can’t fetch content, your S3 bucket policy is likely wrong.
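Solution: Update your S3 bucket policy, and scope the grant to your own distribution with an AWS:SourceArn condition so that no other distribution can read the bucket:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "cloudfront.amazonaws.com"
      },
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::YOUR-BUCKET-NAME/*",
      "Condition": {
        "StringEquals": {
          "AWS:SourceArn": "arn:aws:cloudfront::YOUR-ACCOUNT-ID:distribution/YOUR-DISTRIBUTION-ID"
        }
      }
    }
  ]
}
Amazon CloudFront Configuration Options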
AWS CloudFront is a powerful tool that helps deliver content faster and more securely. But to get the best performance, you need to set it up correctly. Here’s a simple breakdown of the key configuration options and what they do.
1. Setting Up Your Origin (Where Your Content Lives)
The origin is the source of your content, like an S3 bucket, EC2 instance, or a web server. Here’s what you can configure:
- Origin Domain Name: Select where CloudFront will fetch content from.
- Origin Path: If your files are stored inside a folder (/media), you can specify it here.
- Origin Access Control (OAI): Ensures that only CloudFront can access your S3 bucket, making it more secure.
- Custom Headers: Send extra headers (e.g., authentication tokens) when CloudFront requests content.
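Whether only your distribution can read the bucket comes down to the bucket policy: a statement that allows the cloudfront.amazonaws.com service principal should also pin AWS:SourceArn to a single distribution ARN. The check below is an added example, not part of the original guide; the function names, account ID and distribution ID are constructed placeholders.

```python
import json

SCOPING_OPERATORS = {"StringEquals", "ArnEquals", "ArnLike", "StringLike"}

def as_list(value):
    """Policy fields may hold one value or a list of values."""
    return value if isinstance(value, list) else [value]

def source_arns(statement):
    """Collect every AWS:SourceArn value from the statement's Condition block."""
    arns = []
    for operator, keys in statement.get("Condition", {}).items():
        if operator in SCOPING_OPERATORS:
            for key, value in keys.items():
                if key.lower() == "aws:sourcearn":  # condition keys are case-insensitive
                    arns.extend(as_list(value))
    return arns

def audit_bucket_policy(policy_json):
    """Return (statement index, problem) for grants not tied to one distribution."""
    findings = []
    statements = as_list(json.loads(policy_json).get("Statement", []))
    for index, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        if principal in ("*", {"AWS": "*"}) and "Condition" not in stmt:
            findings.append((index, "public principal: requests can bypass CloudFront"))
            continue
        services = as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
        if "cloudfront.amazonaws.com" not in services:
            continue
        arns = source_arns(stmt)
        if not arns:
            findings.append((index, "no AWS:SourceArn condition"))
        elif any("*" in arn or "?" in arn for arn in arns):
            findings.append((index, "wildcard in AWS:SourceArn"))
    return findings

def sample_policy(condition=None):
    """Constructed policy; bucket, account and distribution IDs are placeholders."""
    stmt = {"Effect": "Allow", "Principal": {"Service": "cloudfront.amazonaws.com"},
            "Action": "s3:GetObject", "Resource": "arn:aws:s3:::YOUR-BUCKET-NAME/*"}
    if condition:
        stmt["Condition"] = condition
    return json.dumps({"Version": "2012-10-17", "Statement": [stmt]})

SCOPED = {"StringEquals": {"AWS:SourceArn":
          "arn:aws:cloudfront::111122223333:distribution/EXAMPLEID"}}
print(audit_bucket_policy(sample_policy()))        # unscoped grant is reported
print(audit_bucket_policy(sample_policy(SCOPED)))  # scoped grant passes
```

Feed it the output of `aws s3api get-bucket-policy` for each origin bucket; an empty list means every CloudFront grant is pinned to a specific distribution.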
2. Controlling How Content Is Cached (Speed & Performance)
CloudFront caches your content to reduce load on your server and improve speed. Here’s what you can tweak:
- Path Patterns: Define rules for different file types (*.jpg for images, *.css for stylesheets).
- Viewer Protocol Policy: Force HTTPS to keep connections secure.
- Allowed HTTP Methods: Choose whether CloudFront should allow just GET & HEAD (for static content) or POST, PUT, DELETE (for APIs).
- Query String Forwarding: Decide whether CloudFront should treat URLs like example.com/image.jpg?v=1 and example.com/image.jpg?v=2 as different files.
3. Cache Duration (How Long Content Stays in CloudFront)
CloudFront keeps copies of your content to avoid fetching it every time. You can control how long it stays cached:
- Minimum TTL : The shortest time CloudFront will store a cached copy.
- Default TTL : The usual cache duration if no other rules are set.
- Maximum TTL : The longest time CloudFront will keep a cached file.
If your content changes often, set a lower TTL or use cache invalidation to refresh files manually.
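How the three TTL settings combine with the origin's Cache-Control header, as an added example (not from the original guide) that follows CloudFront's documented precedence and ignores the Expires header; the function names and sample values are constructed. The last case is the one to watch: a Minimum TTL above 0 keeps even a "private, no-store" response in the shared cache.

```python
def parse_cache_control(header):
    """Split a Cache-Control value into {directive: value or None}, lower-cased."""
    directives = {}
    for part in (header or "").split(","):
        name, _, value = part.strip().partition("=")
        if name:
            directives[name.lower()] = value.strip('"') or None
    return directives


def effective_ttl(header, min_ttl, default_ttl, max_ttl):
    """Seconds CloudFront keeps an object, given the origin's Cache-Control header."""
    cc = parse_cache_control(header)
    if any(d in cc for d in ("no-cache", "no-store", "private")):
        # Honoured only when Minimum TTL is 0. With a higher Minimum TTL the
        # object is still cached for that long, even if marked private.
        return min_ttl
    for directive in ("s-maxage", "max-age"):  # s-maxage takes precedence
        value = cc.get(directive)
        if value is not None and value.isdigit():
            # Origin value is clamped between Minimum TTL and Maximum TTL.
            return max(min_ttl, min(int(value), max_ttl))
    # No freshness information from the origin: Default TTL applies.
    return max(min_ttl, default_ttl)


# Constructed cases: (origin header, Minimum, Default, Maximum TTL in seconds).
CASES = [
    ("max-age=60, s-maxage=600", 0, 86400, 31536000),
    ("max-age=31536000", 0, 86400, 3600),
    (None, 0, 86400, 31536000),
    ("private, no-store", 0, 86400, 31536000),
    ("private, no-store", 300, 86400, 31536000),
]
for header, *ttls in CASES:
    print(f"{header!r:28} min/default/max={ttls} -> {effective_ttl(header, *ttls)} s")
```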
4. Securing Your Content (SSL, Access Control & Geo-Restrictions)
CloudFront helps secure your website with built-in HTTPS, authentication, and access restrictions:
- SSL/TLS Certificates : Secure your site with HTTPS using AWS Certificate Manager (ACM).
- Signed URLs & Signed Cookies : Protect private content by allowing access only to authenticated users.
- Geo-Restriction (Geo-Blocking) : Block or allow access based on country (great for region-based licensing).
- AWS WAF (Web Application Firewall) : Protect against DDoS attacks, SQL injection, and other threats.
5. Monitoring & Logging (Keeping Track of What’s Happening)
To understand how CloudFront is performing, use:
- Access Logs : Save logs in S3 to track who’s accessing your content.
- AWS CloudWatch Metrics : Get insights into traffic, errors, and cache performance.
- Real-time Logging : Stream logs to Kinesis Data Streams for live monitoring.
6. Cost Optimization (Saving Money with CloudFront)
CloudFront has different pricing options:
- Price Classes : Choose fewer edge locations to save money (e.g., use 50 locations instead of all).
- Origin Shield : Adds an extra caching layer to reduce requests to your origin (saving bandwidth costs).
7. Enhancing Functionality (Adding Intelligence to CloudFront)
CloudFront isn’t just about speed—it can also modify content on the fly using:
- Lambda@Edge : Run serverless functions at edge locations to modify requests, authenticate users, or personalize content.
- CloudFront Functions : A lightweight, faster way to redirect traffic or change headers before content loads.
Conclusion
AWS CloudFront boosts content delivery speed, enhances security, and reduces latency. By following this guide, you’ve set up S3 as an origin, configured CloudFront, and avoided common pitfalls like caching issues, SSL misconfigurations, and access control errors.
To keep your setup optimized:
- Manage caching to serve updated content.
- Enable SSL/TLS for secure HTTPS connections.
- Restrict access with Signed URLs, Cookies, or OAI.
- Monitor performance using AWS CloudWatch.
With these best practices, your website will be faster, more secure, and scalable. Start optimizing with AWS CloudFront today!