
How to manage Private Content for Amazon CloudFront Distribution?

In AWS CloudFront, your data is organized into Distributions. CloudFront allows you to make your Distribution Private. If you subscribe to the Amazon CloudFront service, you can manage your Private Content Distribution. A Private Distribution helps you to manage your bucket's contents differently for different users. You can give access to an end user by providing a Signed URL.

Basics of Amazon CloudFront Private Content:

  1. Origin Access Identity: It is a set of unique IDs.
    • Origin Access Identity-Id : It is used at the time of creating/updating a private distribution.
    • S3 Canonical User Id : It is used at the time of updating the ACL, to give read permission to it.
  2. Trusted Signer : An AWS account (other than the owner) to which you assign signing authority, and which can sign URLs for your distributed bucket, is called a Trusted Signer.
    • AWS Account Number: Each AWS account holder has a unique account number, which is displayed at the top right corner of the account owner's Account Activity page at http://aws.amazon.com . You can add this account number to the list of Trusted Signers. You can add a maximum of five account numbers other than the owner.

How Bucket Explorer can help you :

  1. Create a Private Content Distribution.
  2. Update an existing Distribution to make it Private.
  3. Get Origin Access Identity Details.
  4. Set Access Control List for S3 Canonical User Id .
  5. Manage Origin Access Identity.
    • List all existing Origin Access Identity.
    • Delete Origin Access Identity.
    • Refresh

Create a Private Content Distribution:

STEP: 1
  1. Run Bucket Explorer.
  2. Click on the Distribution button in the bucket toolbar, or select Manage Distribution by right-clicking on the bucket.
  3. Click on the List Distribution or Create Distribution option.

STEP: 2
  1. Click on the New button if you have listed distributions.
  2. A new window for Create Distribution will open.

STEP: 3
  1. Select distribution type as Download Distribution.
  2. Click on the Next button to fill in the information needed to create the private distribution.

STEP: 4
  1. Enter the required General Distribution Details.
  2. Add an object as the default root object, if you want to set one.
  3. Add valid CNAME(s). You can also set logging from this panel.
  4. Add your comments and check the Enable Distribution check box.
  5. Click on the Next button and enter S3 Origin Details to make the distribution private.

STEP: 5
  1. Here you will find one check box: Use Existing Origin Access Identity.
  2. Check Use Existing Origin Access Identity and it will show all existing origin access identities in the combo box, and the respective S3 canonical user Id in the text field.
  3. If you want to create a new one, click on the Generate Origin Access Identity button and it will provide a new Origin Access Identity and S3 Canonical User Id.
  4. Once you have selected either of the two options, Use Existing Origin Access Identity or Generate Origin Access Identity, you have associated an S3 canonical user ID with the Distribution.
  5. Add the above information to the "Origin Details" table below.
  6. Click on the Next button to add Cache Behavior Details.

STEP: 6
  1. Add Path Pattern. You can add Path pattern for cache behavior (Not applicable for Default Cache Behavior)
  2. To associate the cache behavior with origin, you have to select the targeted origin id and select any bucket.
  3. Provide Trusted Signer and choose Viewer Protocol Policy as Allow All or Https Only.
  4. Set query string option enabled or disabled as per your requirements.
  5. Min TTL: You can set the min TTL for the distribution from 0 to ~3,153,600,000 seconds. The default setting is 3600s.
  6. Make it Default: If the Origin table has only one entry, then the Cache Behavior has to be set as default.
  7. Add all required entries in the table below and click on the Create button.


Update existing Distribution to make it Private:

STEP: 1
  1. Run Bucket Explorer.
  2. Click on Distribution in the bucket toolbar, or select Manage Distribution by right-clicking on the bucket.
  3. List distribution window will open.
  4. Select the distribution to be updated and click on Update button present in toolbar.
  5. A new window will open to Update Distribution .
  6. Make required changes in General, Origin and Cache Behavior Details and Update it.


Get Origin Access Identity Details:

STEP: 1
  1. Once Status becomes “Deployed” in the main Distribution window, you can see "Get Access Origin Details" by right-clicking on the name of the bucket where you have created/updated the Distribution.

STEP: 2
  1. A Properties window will open which shows the Origin Access Identity Details and Added Trusted Signers .


Set Access Control List for S3 canonical user Id:

STEP: 1
  1. Copy the S3 canonical user ID from the Properties window of Origin Access Identity Details.
  2. Update the Access Control List of the bucket where you have created the Private Distribution.
  3. Click on the button Add access by Email-Id/Canonical-Id. Here, you can enter the copied S3 canonical user Id.
  4. Give Read permission only for the S3 canonical user Id.
  5. Click on “Update ACL”.
  6. You can also update the Access Control List of each S3 object that you want to distribute privately, in the same way as for the bucket.
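
The ACL that results from the steps above can be checked offline. The following is an added example, not part of Bucket Explorer or of the original page: it parses an S3 AccessControlPolicy XML document and reports grants that undermine a private distribution (public groups, unexpected grantees, or more than READ for the origin access identity). The function names, the placeholder canonical IDs and the sample ACLs are constructed for illustration.

```python
import xml.etree.ElementTree as ET

S3_NS = "http://s3.amazonaws.com/doc/2006-03-01/"
NS = {"s3": S3_NS}
GROUPS = "http://acs.amazonaws.com/groups/global/"
PUBLIC_GROUPS = {GROUPS + "AllUsers", GROUPS + "AuthenticatedUsers"}
# Placeholder IDs, constructed for this example (real canonical IDs are long hex strings).
OWNER, OAI = "OWNER-CANONICAL-ID-PLACEHOLDER", "OAI-CANONICAL-ID-PLACEHOLDER"

def audit_acl(acl_xml, oai_id):
    """Return findings for an S3 AccessControlPolicy that should be private to one OAI."""
    root = ET.fromstring(acl_xml)
    owner_id = root.findtext("s3:Owner/s3:ID", namespaces=NS)
    findings, oai_perms = [], set()
    for grant in root.iterfind("s3:AccessControlList/s3:Grant", NS):
        perm = grant.findtext("s3:Permission", namespaces=NS)
        uri = grant.findtext("s3:Grantee/s3:URI", namespaces=NS)
        gid = grant.findtext("s3:Grantee/s3:ID", namespaces=NS)
        if uri in PUBLIC_GROUPS:
            # These groups cover everyone or every AWS account: no Signed URL is needed.
            findings.append(f"public group {uri.rsplit('/', 1)[-1]} has {perm}")
        elif gid == oai_id:
            oai_perms.add(perm)
        elif gid != owner_id:
            findings.append(f"unexpected grantee {gid or uri} has {perm}")
    if not oai_perms & {"READ", "FULL_CONTROL"}:
        findings.append("origin access identity has no READ grant")
    for extra in sorted(oai_perms - {"READ"}):
        findings.append(f"origin access identity has {extra}; only READ is needed")
    return findings

def make_acl(grants):
    """Build a constructed sample ACL from (xsi_type, tag, value, permission) tuples."""
    body = "".join(
        '<Grant><Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" '
        f'xsi:type="{kind}"><{tag}>{value}</{tag}></Grantee>'
        f"<Permission>{perm}</Permission></Grant>"
        for kind, tag, value, perm in grants)
    return (f'<AccessControlPolicy xmlns="{S3_NS}"><Owner><ID>{OWNER}</ID></Owner>'
            f"<AccessControlList>{body}</AccessControlList></AccessControlPolicy>")

OWNER_GRANT = ("CanonicalUser", "ID", OWNER, "FULL_CONTROL")
GOOD_ACL = make_acl([OWNER_GRANT, ("CanonicalUser", "ID", OAI, "READ")])
BAD_ACL = make_acl([OWNER_GRANT, ("Group", "URI", GROUPS + "AllUsers", "READ"),
                    ("CanonicalUser", "ID", OAI, "FULL_CONTROL")])

if __name__ == "__main__":
    print(audit_acl(GOOD_ACL, OAI))
    for finding in audit_acl(BAD_ACL, OAI):
        print(finding)
```

An empty list means the ACL grants access only to the owner and READ to the origin access identity.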

Manage Origin Access Identity:

  1. Run Bucket Explorer.
  2. Click on Distribution in the bucket toolbar, or select Manage Distribution by right-clicking on the bucket.
  3. The List Distribution window opens.
  4. Click on Origin Access Identity List .
  1. A new window will open which shows the list of existing Origin Access Identity with three buttons in toolbar.
    • Refresh : Refresh will refresh the listing
    • Delete : Delete will delete the selected Origin Access Identity.
    • Copy (S3 canonical Id) : Copy option will allow you to copy the S3 canonical Id.
  2. Close the Origin Access Identity List window.