AWS CloudFront service

AWS has lots of services, some I’ve explored and written about before, and some I’m yet to explore. For this article let’s stick to its CloudFront service. Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, photos, APIs, Applications etc. to customers globally with low latency, high transfer speeds.

For learning and practicing purposes I will be using CLI to;

1. configure a webserver on an AWS instance
2. persistently mounting its document root on an EBS device
3. store all static objects used in S3
4. set up a CDN (Content Delivery Network) using CloudFront, with S3 as the origin domain
5. Browsing using the cloudFront URL to experience low latency and high security

We’ll start by configuring aws in our command prompt (prerequisite: AWS CLI downloaded and installed)

aws configure

Then I created a key pair, ensure you’re in the directory where you want to save the downloaded key for further use.

aws ec2 create-key-pair — key-name MyKey — query “Key1” — output text > MyKey.pem

This is followed by creation of a security group to control our ingress and egress in the instance it will be linked to later on. We will need to log in to our instance using SSH protocol (tcp port 22) remotely, and we’ll be using the http protocol (tcp port 80) for the images uploaded on S3, so we’ll set ingress rule accordingly.

aws ec2 create-security-group — group-name myRule — description “security group for task” — vpc-id vpc-063ede6d

aws ec2 authorize-security-group-ingress — group-name myRule — protocol tcp — port 22 — cidr 0.0.0.0/0

aws ec2 authorize-security-group-ingress — group-name myRule — protocol tcp — port 80 — cidr 0.0.0.0/0

Running the EC2 instance, with the key pair and security group made above is the next step.

aws ec2 run-instances — image-id ami-0e306788ff2473ccb — count 1 — instance-type t2.micro — key-name MyKey — security-group-ids sg-0655c49f73d3f5ecf — subnet-id subnet-292f2641

aws ec2 create-tags — resources i-05cf502e79954f03e — tags Key=Name, Value=MyInstance

Now, we remotely login using SSH or putty in Windows. The CLI command: ssh -l ec2-user -i MyKey.pem 13.233.224.1

Then we create and attach an EBS volume to the instance. This ensures higher security of the data as even when the instance gets corrupted the data on this drive is safe. The commands to create and attach the EBS Volume are:

aws ec2 create-volume — availability-zone ap-south-1a — volume-type gp2 — size 1

aws ec2 attach-volume — volume-id vol-0509b3cb61afb5f42 — instance-id i-05cf502e79954f03e— device /dev/sdf

Next we work on Partitioning, formatting and mounting this volume on a drive. fdisk -l can be used to list the existing disk partitions. Commands are as follows:

1. fdisk /dev/xvdf this will be followed by entering option n (new partition), then p (primary), then w (to save the partition made)

2. mkfs.ext4 /dev/xvdf1 to format the partition

3. Before mounting, we need to install httpd (an Apache tool) to make the instance as a webserver, command for it is: yum install httpd -y

4. mount /dev/xvdf1 /var/www/html to mount

Now we need to create a S3 bucket to store the data, it is done by the command: aws s3api create-bucket — bucket imgbucket — region ap-south-1 — create-bucket-configuration LocationConstraint=ap-south-1

To upload images in the bucket:

aws s3 sync “C:\Users\Janh\Desktop\Image” s3://imgbucket

Now, we must create a HTML file in /var/www/html directory as httpd accesses only that directory:

cd /var/www/html

vi index.html (add the S3 image url, after making it public readable, in this code)

systemctl start httpd

Finally the part with CloudFront!!

aws cloudfront create-distribution — origin-domain-name imgbucket.s3.amazonaws.com — default-root-object aws.png

Then, change the S3 url to the url obtained by the cloudfront service in the html file (index.html) to see the fast speed by which the webserver loads. And here is the final result:

Deployed Webserver