
CloudFront - How to Update Private Distribution (GET Distribution, PUT Distribution with Origin Access Identity and AWS Trusted Signers)?

In AWS CloudFront, your data is organized into Distributions. You can create a Private Distribution to register your Origin Server (the Amazon S3 Bucket where your S3 Objects are stored) with CloudFront. A Public Distribution requires "All User" read permission on the S3 Origin Objects. To restrict who can access your objects, create a Private Distribution and keep all your S3 Objects private.

An update to a distribution takes approximately 15 minutes to reflect the changes to all origin servers. To update a CloudFront Distribution, send an HTTP GET request to retrieve the Distribution Config, then submit the updated Distribution Configuration to AWS CloudFront in an HTTP PUT Distribution Config request, along with other necessary information. You can update a CloudFront Distribution in one of two ways:

  1. Update CloudFront Private Download Distribution with the CloudFront API (PUT Distribution Config) - If you are a programmer, you can write your own code that calls the APIs AWS CloudFront supports, GET Distribution Config and PUT Distribution Config, to update a CloudFront Distribution.
  2. Update CloudFront Private Download Distribution using Bucket Explorer - If you do not want to write code, you can update a CloudFront Distribution from the Bucket Explorer user interface.
  1. Update CloudFront Private Distribution with CloudFront REST API - GET Distribution Config and PUT Distribution Config

    Follow these steps to update a CloudFront Private Distribution using the AWS API:

    • Submit a GET Distribution Config request to get the current configuration and the ETag header for the distribution.
    • Update the XML document returned in the response to the GET Distribution Config request with the desired changes. The value of CallerReference or DNSName cannot be changed.
    • Submit a PUT Distribution Config request to update the distribution.

    GET Distribution Config


    GET /2013-05-12/distribution/ distribution ID /config HTTP/1.1
    Host: cloudfront.amazonaws.com
    Authorization: AWS authentication string
    Date: time stamp
    Other required headers
     

    PUT Distribution Config


    PUT /2013-05-12/distribution/ distribution ID /config HTTP/1.1
    Host: cloudfront.amazonaws.com
    If-Match: value from ETag header in previous GET response
    Authorization: AWS authentication string
    Other required headers

    <?xml version="1.0" encoding="UTF-8"?>
    <DistributionConfig xmlns="http://cloudfront.amazonaws.com/doc/2013-05-12/">
      <CallerReference> unique description for this distribution config </CallerReference>
      <Aliases>
        <Quantity> number of CNAME aliases </Quantity>
        <!-- Optional. Omit when Quantity = 0. -->
        <Items>
          <CNAME> CNAME alias </CNAME>
        </Items>
      </Aliases>
      <DefaultRootObject> URL for default root object </DefaultRootObject>
      <Origins>
        <Quantity> number of origins </Quantity>
        <Items>
          <Origin>
            <Id> unique identifier for this origin </Id>
            <DomainName> domain name of origin </DomainName>
            <!-- Include the S3OriginConfig element only if
                 you use an Amazon S3 origin for your distribution. -->
            <S3OriginConfig>
              <OriginAccessIdentity>origin-access-identity/cloudfront/ ID </OriginAccessIdentity>
            </S3OriginConfig>
            <!-- Include the CustomOriginConfig element only if
                 you use a custom origin for your distribution. -->
            <CustomOriginConfig>
              <HTTPPort> HTTP port that the custom origin listens on </HTTPPort>
              <HTTPSPort> HTTPS port that the custom origin listens on </HTTPSPort>
              <OriginProtocolPolicy>http-only | match-viewer</OriginProtocolPolicy>
            </CustomOriginConfig>
          </Origin>
        </Items>
      </Origins>
      <DefaultCacheBehavior>
        <TargetOriginId> ID of the origin that the default cache behavior applies to </TargetOriginId>
        <ForwardedValues>
          <QueryString>true | false</QueryString>
          <Cookies>
            <Forward>all | whitelist | none</Forward>
            <!-- Required when Forward = whitelist, omitted otherwise. -->
            <WhitelistedNames>
              <Quantity> number of cookie names to forward to origin </Quantity>
              <Items>
                <Name> name of a cookie to forward to the origin </Name>
              </Items>
            </WhitelistedNames>
          </Cookies>
        </ForwardedValues>
        <TrustedSigners>
          <Enabled>true | false</Enabled>
          <Quantity> number of trusted signers </Quantity>
          <!-- Optional. Omit when Quantity = 0. -->
          <Items>
            <AwsAccountNumber>self | AWS account that can create signed URLs </AwsAccountNumber>
          </Items>
        </TrustedSigners>
        <ViewerProtocolPolicy>allow-all | https-only</ViewerProtocolPolicy>
        <MinTTL> minimum TTL in seconds </MinTTL>
      </DefaultCacheBehavior>
      <CacheBehaviors>
        <Quantity> number of cache behaviors </Quantity>
        <!-- Optional. Omit when Quantity = 0. -->
        <Items>
          <CacheBehavior>
            <PathPattern> pattern that specifies files that this cache behavior applies to </PathPattern>
            <TargetOriginId> ID of the origin that this cache behavior applies to </TargetOriginId>
            <ForwardedValues>
              <QueryString>true | false</QueryString>
              <Cookies>
                <Forward>all | whitelist | none</Forward>
                <!-- Required when Forward = whitelist, omitted otherwise. -->
                <WhitelistedNames>
                  <Quantity> number of cookie names to forward to origin </Quantity>
                  <Items>
                    <Name> name of a cookie to forward to the origin </Name>
                  </Items>
                </WhitelistedNames>
              </Cookies>
            </ForwardedValues>
            <TrustedSigners>
              <Enabled>true | false</Enabled>
              <Quantity> number of trusted signers </Quantity>
              <!-- Optional. Omit when Quantity = 0. -->
              <Items>
                <AwsAccountNumber>self | AWS account that can create signed URLs </AwsAccountNumber>
              </Items>
            </TrustedSigners>
            <ViewerProtocolPolicy>allow-all | https-only</ViewerProtocolPolicy>
            <MinTTL> minimum TTL in seconds for files specified by PathPattern </MinTTL>
          </CacheBehavior>
        </Items>
      </CacheBehaviors>
      <Comment> comment about the distribution </Comment>
      <Logging>
        <Enabled>true | false</Enabled>
        <IncludeCookies>true | false</IncludeCookies>
        <Bucket> Amazon S3 bucket to save logs in </Bucket>
        <Prefix> prefix for log filenames </Prefix>
      </Logging>
      <ViewerCertificate>
        <IAMCertificateId> IAM certificate ID </IAMCertificateId> |
        <CloudFrontDefaultCertificate>true</CloudFrontDefaultCertificate>
      </ViewerCertificate>
      <PriceClass> maximum price class for the distribution </PriceClass>
      <Enabled>true | false</Enabled>
    </DistributionConfig>
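
    The edit and PUT steps above, as an added Python example that is not part of the original page or of Bucket Explorer: it sets the origin access identity and trusted signers in a GET response body, rejects a changed CallerReference or a Quantity that does not match its Items, and builds the PUT with If-Match. The sample config, ETag, IDs and function names are constructed for illustration; request signing (the Authorization and Date headers) and the network call are left out.

```python
import xml.etree.ElementTree as ET

NS = "http://cloudfront.amazonaws.com/doc/2013-05-12/"
ET.register_namespace("", NS)          # serialize with the default xmlns, as in the template
q = lambda tag: "{%s}%s" % (NS, tag)   # namespace-qualified tag name

# Constructed GET Distribution Config response, trimmed to the elements edited here.
SAMPLE_CONFIG = """<DistributionConfig xmlns="http://cloudfront.amazonaws.com/doc/2013-05-12/">
<CallerReference>example-ref-001</CallerReference>
<Origins><Quantity>1</Quantity><Items><Origin><Id>s3-origin</Id>
<DomainName>example-bucket.s3.amazonaws.com</DomainName>
<S3OriginConfig><OriginAccessIdentity></OriginAccessIdentity></S3OriginConfig>
</Origin></Items></Origins>
<DefaultCacheBehavior><TargetOriginId>s3-origin</TargetOriginId>
<TrustedSigners><Enabled>false</Enabled><Quantity>0</Quantity></TrustedSigners>
</DefaultCacheBehavior><Enabled>true</Enabled></DistributionConfig>"""
SAMPLE_ETAG = "EXAMPLEETAG123"         # constructed ETag header value from the GET

def make_private(config_xml, oai_id, signers=("self",)):
    """Step 2: set the origin access identity and require signed URLs."""
    root = ET.fromstring(config_xml)
    for oai in root.iter(q("OriginAccessIdentity")):
        oai.text = "origin-access-identity/cloudfront/" + oai_id
    for ts in root.iter(q("TrustedSigners")):   # default and per-path behaviors
        for child in list(ts):
            ts.remove(child)
        ET.SubElement(ts, q("Enabled")).text = "true"
        ET.SubElement(ts, q("Quantity")).text = str(len(signers))
        items = ET.SubElement(ts, q("Items"))
        for account in signers:
            ET.SubElement(items, q("AwsAccountNumber")).text = account
    return ET.tostring(root, encoding="unicode")

def build_put(original_xml, edited_xml, etag, dist_id):
    """Step 3: validate the edit, then return (request line, headers, body)."""
    old, new = ET.fromstring(original_xml), ET.fromstring(edited_xml)
    if old.findtext(q("CallerReference")) != new.findtext(q("CallerReference")):
        raise ValueError("CallerReference cannot be changed")
    for parent in new.iter():                   # every Quantity must match its Items
        qty, items = parent.find(q("Quantity")), parent.find(q("Items"))
        if qty is not None and int(qty.text) != (0 if items is None else len(items)):
            raise ValueError("Quantity mismatch in " + parent.tag)
    headers = {"Host": "cloudfront.amazonaws.com", "If-Match": etag}
    return "PUT /2013-05-12/distribution/%s/config HTTP/1.1" % dist_id, headers, edited_xml
```

    Sending the ETag back in If-Match ties the PUT to the configuration that was actually read, so an update based on a stale copy is not applied over someone else's change.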
     
  2. Updating Private Distribution using Bucket Explorer:

    Steps:
    1. Run Bucket Explorer.
    2. Choose the "Distribution" icon from the Bucket table toolbar, or select the "Manage Distribution" option from the right-click menu of any bucket.
    3. A "Distribution" window opens, listing the distributions that have already been created.
    4. Select the Private distribution to be updated and click the Update button.
    5. The panel for updating a Private (Download) distribution opens.
    6. Make the desired changes to your distribution and click the Update button.