Amazon CloudFront
Developer Guide (API Version 2016-09-29)

Getting Started with CloudFront

The example in this topic gives you a quick overview of how to use CloudFront to:

  • Store the original versions of your objects in one Amazon Simple Storage Service (Amazon S3) bucket.

  • Distribute download content such as text or graphics.

  • Make your objects accessible to everyone.

  • Use the CloudFront domain name in URLs for your objects (for example, instead of your own domain name (for example,

  • Keep your objects in CloudFront edge locations for the default duration of 24 hours. (The minimum duration is 0 seconds.)

For information about how to use CloudFront when you want to use other options, see Task List for Creating a Web Distribution or Task List for Streaming Media Files Using RTMP.

You only need to perform a few basic steps to start delivering your content using CloudFront. The first step is signing up. After that, you create a CloudFront distribution, and then use the CloudFront domain name to reference content in your web pages or applications.

Step 1: Sign up for Amazon Web Services

If you haven't already done so, sign up for Amazon Web Services at Just choose Sign Up Now and enter any required information.

Step 2: Upload your content to Amazon S3 and grant object permissions

An Amazon S3 bucket is a container that can contain objects or folders. CloudFront can distribute almost any type of object for you using an Amazon S3 bucket as the source, for example, text, images, and videos. You can create multiple buckets, and there is no limit to the amount of data that you can store on Amazon S3.

By default, your Amazon S3 bucket and all of the objects in it are private—only the AWS account that created the bucket has permission to read or write the objects in it. If you want to allow anyone to access the objects in your Amazon S3 bucket using CloudFront URLs, you must grant public read permissions to the objects. (This is one of the most common mistakes when working with CloudFront and Amazon S3. You must explicitly grant privileges to each object in an Amazon S3 bucket.)


If you want to restrict who can download your content, you can use the CloudFront private content feature. For more information about distributing private content, see Serving Private Content through CloudFront.

To upload your content to Amazon S3 and grant read permission to everyone

  1. Sign in to the AWS Management Console and open the Amazon S3 console at

  2. In the Amazon S3 console, choose Create Bucket.

  3. In the Create Bucket dialog, enter a bucket name.


    For your bucket to work with CloudFront, the name must conform to DNS naming requirements. For more information, go to Bucket Restrictions and Limitations in the Amazon Simple Storage Service Developer Guide.

  4. Select a region for your bucket. By default, Amazon S3 creates buckets in the US East (N. Virginia) region. We recommend that you choose a region close to you to optimize latency, minimize costs, or to address regulatory requirements.

  5. Choose Create.

  6. Select your bucket in the Buckets pane, and choose Upload.

  7. On the Upload - Select Files page, choose Add Files, and choose the files that you want to upload.

						Upload files to your Amazon S3 bucket.
  8. Enable public read privileges for each object that you upload to your Amazon S3 bucket.

    1. Choose Set Details.

    2. On the Set Details page, choose Set Permissions.

    3. On the Set Permissions page, choose Make everything public.

  9. Choose Start Upload.

    After the upload completes, you can navigate to this item by its URL. In the case of the previous example, the URL would be:

    Use your Amazon S3 URL to verify that your content is publicly accessible, but remember that this is not the URL you will use when you are ready to distribute your content.

Step 3: Create a CloudFront Web Distribution

To create a CloudFront web distribution

  1. Open the CloudFront console at

  2. Choose Create Distribution.

  3. On the Select a delivery method for your content page, in the Web section, choose Get Started.

							Select Web as the distribution type.
  4. On the Create Distribution page, under Origin Settings, choose the Amazon S3 bucket that you created earlier. For Origin ID, Origin Path, Restrict Bucket Access, and Origin Custom Headers, accept the default values.

						Specify the Amazon S3 bucket.
  5. Under Default Cache Behavior Settings, accept the default values, and CloudFront will:

    • Forward all requests that use the CloudFront URL for your distribution (for example, to the Amazon S3 bucket that you specified in Step 4.

    • Allow end users to use either HTTP or HTTPS to access your objects.

    • Respond to requests for your objects.

    • Cache your objects at CloudFront edge locations for 24 hours.

    • Forward only the default request headers to your origin and not cache your objects based on the values in the headers.

    • Exclude cookies and query string parameters, if any, when forwarding requests for objects to your origin. (Amazon S3 doesn't process cookies and processes only a limited set of query string parameters.)

    • Not be configured to distribute media files in the Microsoft Smooth Streaming format.

    • Allow everyone to view your content.

    • Not automatically compress your content.

    For more information about cache behavior options, see Cache Behavior Settings.

							Define cache behavior.
  6. Under Distribution Settings, enter the applicable values:

    Price Class

    Select the price class that corresponds with the maximum price that you want to pay for CloudFront service. By default, CloudFront serves your objects from edge locations in all CloudFront regions.

    For more information about price classes and about how your choice of price class affects CloudFront performance for your distribution, go to Choosing the Price Class for a CloudFront Distribution. For information about CloudFront pricing, including how price classes map to CloudFront regions, go to Amazon CloudFront Pricing.


    If you want to use AWS WAF to allow or block HTTP and HTTPS requests based on criteria that you specify, choose the web ACL to associate with this distribution. For more information about AWS WAF, see the AWS WAF Developer Guide.

    Alternate Domain Names (CNAMEs) (Optional)

    Specify one or more domain names that you want to use for URLs for your objects instead of the domain name that CloudFront assigns when you create your distribution. For example, if you want the URL for the object:


    to look like this:

    instead of like this:

    you would create a CNAME for


    If you add a CNAME for to your distribution, you also need to create (or update) a CNAME record with your DNS service to route queries for to You must have permission to create a CNAME record with the DNS service provider for the domain. Typically, this means that you own the domain, but you may also be developing an application for the domain owner. For more information about CNAMEs, see Using Alternate Domain Names (CNAMEs).

    For the current limit on the number of alternate domain names that you can add to a distribution or request a higher limit, see General Limits on Web Distributions.

    SSL Certificate

    Accept the default value, Default CloudFront Certificate.

    Default Root Object (Optional)

    The object that you want CloudFront to request from your origin (for example, index.html) when a viewer requests the root URL of your distribution ( instead of an object in your distribution ( Specifying a default root object avoids exposing the contents of your distribution.

    Logging (Optional)

    If you want CloudFront to log information about each request for an object and store the log files in an Amazon S3 bucket, select On, and specify the bucket and an optional prefix for the names of the log files. There is no extra charge to enable logging, but you accrue the usual Amazon S3 charges for storing and accessing the files. CloudFront doesn't delete the logs automatically, but you can delete them at any time.

    Cookie Logging

    In this example, we're using Amazon S3 as the origin for your objects, and Amazon S3 doesn't process cookies, so we recommend that you select Off for the value of Cookie Logging.

    Comment (Optional)

    Enter any comments that you want to save with the distribution.

    Distribution State

    Select Enabled if you want CloudFront to begin processing requests as soon as the distribution is created, or select Disabled if you do not want CloudFront to begin processing requests after the distribution is created.

    Distribution settings
  7. Choose Create Distribution.

  8. After CloudFront has created your distribution, the value of the Status column for your distribution will change from InProgress to Deployed. If you chose to enable the distribution, it will then be ready to process requests. This should take less than 15 minutes.

    The domain name that CloudFront assigns to your distribution appears in the list of distributions. (It also appears on the General tab for a selected distribution.)

Step 4: Test your links

After you've created your distribution, CloudFront knows where your Amazon S3 origin server is, and you know the domain name associated with the distribution. You can create a link to your Amazon S3 bucket content with that domain name, and have CloudFront serve it.


You must wait until the status of your distribution changes to Deployed before testing your links.

To link to your objects

  1. Copy the following HTML into a new file:

    • Replace <domain name> with the domain name that CloudFront assigned to your distribution.

    • Replace <object name> with the name of a file in your Amazon S3 bucket.

    <html> <head>My CloudFront Test</head> <body> <p>My text content goes here.</p> <p><img src="http://domain name/object name" alt="my test image"/> </body> </html>

    For example, if your domain name was and your object was image.jpg, the URL for the link would be:

    If your object is in a folder within your bucket, include the folder in the URL. For example, if image.jpg is located in an images folder, then the URL would be:

  2. Save the text in a file that has a .html filename extension.

  3. Open your web page in a browser to ensure that you can see your content. If you cannot see the content, confirm that you have performed all of the steps correctly. You can also see the tips in Troubleshooting.

The browser returns your page with the embedded image file, served from the edge location that CloudFront determined was appropriate to serve the object.

For more information on using CloudFront, go to Amazon CloudFront Resources.