AWS CloudFront With Wasabi

How do I use AWS CloudFront with Wasabi?

AWS CloudFront is a Content-Delivery Network (CDN) offered by Amazon Web Services. To distribute your Wasabi bucket content using AWS CloudFront, follow the steps below.

Creating Your CloudFront Distribution

1. Navigate to CloudFront and click Create distribution. Set the origin domain to ‘wasabisys.com' and input the bucket name in the Origin Path field. For instance, the bucket name is 'example-bucket' in the example below. This origin path in CloudFront appends to the origin domain name when CloudFront requests content from the origin.

2. Add a custom header with the Header name set as 'Referer' and the value of your choice. In the example below, the value shown is 'your-header-value'. For enhanced security, you may generate a random value for your custom header value using appropriate methods.

   

   Adding a Referer header in CloudFront ensures that CloudFront adds a Referer header, with the custom value that you set, to the end user's request before passing it to Wasabi servers. The referrer header enhances the security of the bucket. In the case of a public bucket, anyone can access its data using the S3 URL (s3.wasabisys.com/mybucket/object-name). However, with a referrer string, only those who have the specific referrer value in their request (by using CloudFront distribution) can gain access to the bucket. Consequently, any request without the custom referrer value will result in an access denied error.

3. Add the appropriate caching policy according to your requirements in the Default cache behavior section.

   

4. Add the appropriate origin request policy according to your requirements. In order to use Wasabi as a CloudFront origin your policy should not forward the Host Header.

   

5. Select the appropriate Web Application Firewall (WAF) settings according to your requirements. Note that the WAF feature may include additional costs.

   

   To configure the other options in your CloudFront distribution setup, refer to the AWS document to Create a distribution.

6. Click Create Distribution

7. Once the distribution is deployed and active, add the bucket policy from the section below to the bucket.

Adding the Bucket Policy

A bucket policy is required to enable all the objects in the bucket to be publicly available, instead of setting each object to public.

Change the example-bucket to your bucket name in the resource below and the your-header-value to the header value set in Step 2 of Create Your CloudFront Distribution.

{ 
  "Id": "Policy1712672924209", 
  "Version": "2012-10-17", 
  "Statement": [ 
    { 
      "Sid": "Stmt1712672923321", 
      "Effect": "Allow", 
      "Principal": { 
        "AWS": "*" 
      }, 
      "Action": "s3:GetObject*", 
      "Resource": "arn:aws:s3:::example-bucket/*", 
      "Condition": { 
        "StringLike": { 
          "aws:Referer": "your-header-value" 
        } 
      } 
    } 
  ] 
} 

Uploading the Web Content to be Distributed on Wasabi Hot Cloud Storage

1. Sign in to the Wasabi Console and open the console at https://console.wasabisys.com.

2. Click Create Bucket. Select the region for your bucket.

3. Select your bucket and in the Bucket pane. Click Upload Files to select the files that you want to upload. Click Upload.

4. To access the objects using the CDN, you can use the URL: Distribution-domain-name/folder-name/object-name.

   

To test your CloudFront URLs, refer to the following AWS document to test a distribution.