1
00:00:00,060 --> 00:00:02,670
Okay, so let's go ahead and practice using CloudFront,

2
00:00:02,670 --> 00:00:05,410
but first we need to create an S3 bucket.

3
00:00:05,410 --> 00:00:07,348
So in Amazon S3,

4
00:00:07,348 --> 00:00:09,065
I want you to create a bucket called demo

5
00:00:09,065 --> 00:00:14,065
CloudFront-Stephane-v2 and a region, so EU-west-1 is good.

6
00:00:15,060 --> 00:00:18,500
I will leave all public access blocking

7
00:00:18,500 --> 00:00:20,260
and I will scroll down.

8
00:00:20,260 --> 00:00:22,230
Then just click on create my bucket.

9
00:00:22,230 --> 00:00:24,590
So this is the bucket that is going to host our website.

10
00:00:24,590 --> 00:00:27,160
And so click on view details to go into the bucket.

11
00:00:27,160 --> 00:00:30,030
And I'm going to upload now three files into my bucket.

12
00:00:30,030 --> 00:00:33,210
So I will upload my index.html, my beach.jpeg,

13
00:00:33,210 --> 00:00:34,510
and my coffee.jpeg.

14
00:00:34,510 --> 00:00:36,943
So all these files are uploaded.

15
00:00:38,933 --> 00:00:40,200
Okay, we're now done.

16
00:00:40,200 --> 00:00:42,580
And so what I want you to see is that these files,

17
00:00:42,580 --> 00:00:45,670
so if we take, for example, the index.html,

18
00:00:45,670 --> 00:00:47,500
we have two ways of accessing it.

19
00:00:47,500 --> 00:00:50,210
We can either access it using the object URL,

20
00:00:50,210 --> 00:00:51,450
but this is not going to work

21
00:00:51,450 --> 00:00:53,510
because my bucket is not public.

22
00:00:53,510 --> 00:00:55,580
So I'm going to get an access denied.

23
00:00:55,580 --> 00:00:58,440
Or we can say, for example, click on this open button,

24
00:00:58,440 --> 00:01:03,440
which actually generates a pre-signed URL.

25
00:01:04,000 --> 00:01:05,941
And this particular URL

26
00:01:05,941 --> 00:01:07,782
allows me to access my index.html file,

27
00:01:07,782 --> 00:01:09,810
but obviously my coffee.jpeg is not working for here.
28
00:01:09,810 --> 00:01:10,650
So as we can see,

29
00:01:10,650 --> 00:01:13,360
we have some ways of accessing our files in S3.

30
00:01:13,360 --> 00:01:16,640
But we want to allow the access of these files

31
00:01:16,640 --> 00:01:18,080
through CloudFront.

32
00:01:18,080 --> 00:01:20,960
And so to do so what I'm going to do is just go into

33
00:01:20,960 --> 00:01:22,380
the CloudFront service itself.

34
00:01:22,380 --> 00:01:25,173
So I will look for the service named CloudFront,

35
00:01:29,001 --> 00:01:31,150
and we can observe that CloudFront

36
00:01:31,150 --> 00:01:33,430
is a global service that does not require region selection,

37
00:01:33,430 --> 00:01:35,810
because we are deploying a CloudFront distribution

38
00:01:35,810 --> 00:01:37,060
all around the world.

39
00:01:37,060 --> 00:01:39,140
So we're going to create our first distribution

40
00:01:39,140 --> 00:01:41,040
and we need to choose an origin domain.

41
00:01:41,040 --> 00:01:42,980
So here we have different options.

42
00:01:42,980 --> 00:01:45,320
So we have Amazon S3, Elastic Load Balancers,

43
00:01:45,320 --> 00:01:46,440
et cetera, et cetera.

44
00:01:46,440 --> 00:01:47,720
We've introduced Amazon S3.

45
00:01:47,720 --> 00:01:50,161
So we're going to choose this demo

46
00:01:50,161 --> 00:01:51,190
CloudFront-Stephane-v2 bucket.

47
00:01:51,190 --> 00:01:52,140
But as you can see,

48
00:01:53,006 --> 00:01:53,839
you could enter here your own

49
00:01:53,839 --> 00:01:54,672
origin domain name if you wanted to.

50
00:01:54,672 --> 00:01:56,810
If you wanted to have a custom HTTP origin.

51
00:01:56,810 --> 00:01:59,220
But in this example, we're going to use Amazon S3.

52
00:01:59,220 --> 00:02:02,550
So I just use a drop down and select my S3 bucket.

53
00:02:02,550 --> 00:02:04,960
Now the name of my origin is going to be like this,

54
00:02:04,960 --> 00:02:07,060
and we're going to create an OAI.

55
00:02:07,060 --> 00:02:09,590
So it's an origin access identity.
56
00:02:09,590 --> 00:02:11,009
And this is only available because

57
00:02:11,009 --> 00:02:13,660
we are using an S3 bucket access.

58
00:02:13,660 --> 00:02:16,010
So here we have to create an OAI,

59
00:02:16,010 --> 00:02:18,232
which is what I'm going to do

60
00:02:18,232 --> 00:02:19,310
is I'm going to click on create OAI.

61
00:02:19,310 --> 00:02:21,440
This is going to create this OAI name right here.

62
00:02:21,440 --> 00:02:22,840
I will click on create.

63
00:02:22,840 --> 00:02:26,630
And in here I'm able to choose this newly created OAI.

64
00:02:26,630 --> 00:02:28,050
So what's going to happen is that

65
00:02:28,050 --> 00:02:30,740
CloudFront is going to access my S3 bucket

66
00:02:30,740 --> 00:02:32,630
using this identity.

67
00:02:32,630 --> 00:02:35,870
And we can edit the bucket policy of the S3 bucket

68
00:02:35,870 --> 00:02:38,210
to allow read access to the OAI.

69
00:02:38,210 --> 00:02:41,210
So let's, yes, let's update the bucket policy.

70
00:02:41,210 --> 00:02:42,570
And what we can do is we can check that

71
00:02:42,570 --> 00:02:44,740
if we go right now into permissions,

72
00:02:44,740 --> 00:02:47,010
scroll down and look at the bucket policy.

73
00:02:47,010 --> 00:02:49,193
Well, currently the bucket policy is empty.

74
00:02:50,220 --> 00:02:52,420
So we are going to scroll down

75
00:02:52,420 --> 00:02:54,380
and then we are not going to change

76
00:02:54,380 --> 00:02:56,940
any of these settings for now.

77
00:02:56,940 --> 00:02:57,913
So we're good.

78
00:02:59,550 --> 00:03:01,240
Let's scroll down all the way.

79
00:03:01,240 --> 00:03:03,730
And the default root object is the file name

80
00:03:03,730 --> 00:03:05,760
that you want to return to your request

81
00:03:05,760 --> 00:03:07,480
if we're using the root URL.

82
00:03:07,480 --> 00:03:10,750
So we're just going to enter here, index.html,

83
00:03:10,750 --> 00:03:12,474
and we're good to go.
84
00:03:12,474 --> 00:03:14,150
Now let's click on create distribution

85
00:03:14,150 --> 00:03:16,542
and the distribution is now deploying.

86
00:03:16,542 --> 00:03:17,375
This takes about five minutes.

87
00:03:17,375 --> 00:03:18,540
So let me pause the video.

88
00:03:18,540 --> 00:03:21,370
So my distribution is now created

89
00:03:21,370 --> 00:03:24,050
and I can copy the distribution domain name,

90
00:03:24,050 --> 00:03:26,130
enter in a new tab and press enter.

91
00:03:26,130 --> 00:03:29,967
And as we can see, we get I really love coffee, hello world,

92
00:03:29,967 --> 00:03:31,950
and then our coffee.jpeg file and so on.

93
00:03:31,950 --> 00:03:34,400
So that means that the CloudFront distribution is working.

94
00:03:34,400 --> 00:03:36,860
I can still not access my files directly

95
00:03:36,860 --> 00:03:39,910
by using the URL in Amazon S3.

96
00:03:39,910 --> 00:03:42,500
The only way I can access my files is by using CloudFront.

97
00:03:42,500 --> 00:03:46,180
So CloudFront is distributing my content from Amazon S3.

98
00:03:46,180 --> 00:03:48,570
So we can do beach.jpeg, for example,

99
00:03:48,570 --> 00:03:50,680
and yes, we can see the beach.jpeg file

100
00:03:50,680 --> 00:03:52,770
or coffee.jpeg obviously.

101
00:03:52,770 --> 00:03:54,559
But the cool thing about it is

102
00:03:54,559 --> 00:03:56,140
that now these files are cached.

103
00:03:56,140 --> 00:03:56,973
Are cached.

104
00:03:56,973 --> 00:03:59,110
So that means that if I go back to my beach.jpeg,

105
00:03:59,110 --> 00:04:02,100
it's actually not being served from Amazon S3 anymore,

106
00:04:02,100 --> 00:04:05,110
it's served directly from a CloudFront edge location.

107
00:04:05,110 --> 00:04:07,710
Same if I went back to my index.html.

108
00:04:07,710 --> 00:04:09,790
Now the request does not make it go

109
00:04:09,790 --> 00:04:11,480
all the way through to Amazon S3.
110
00:04:11,480 --> 00:04:14,640
It is cached yet again in an edge location for CloudFront.

111
00:04:14,640 --> 00:04:15,820
So this really shows the power

112
00:04:15,820 --> 00:04:18,930
of using a CloudFront distribution on top of Amazon S3

113
00:04:18,930 --> 00:04:21,709
because now this content is going to be available globally

114
00:04:21,709 --> 00:04:23,440
with low latency.

115
00:04:23,440 --> 00:04:24,700
The last thing I want to check is that

116
00:04:24,700 --> 00:04:26,540
if we go back to our permissions,

117
00:04:26,540 --> 00:04:28,440
as you can see the bucket policy was empty.

118
00:04:28,440 --> 00:04:30,280
But if I refresh my page right now

119
00:04:32,060 --> 00:04:32,893
and have a look,

120
00:04:32,893 --> 00:04:35,370
the bucket policy now is not empty.

121
00:04:35,370 --> 00:04:38,460
And it contains a statement that allows the principal.

122
00:04:38,460 --> 00:04:41,570
And this is a CloudFront origin access identity principal

123
00:04:41,570 --> 00:04:45,720
to do get object on any resource in my S3 buckets.

124
00:04:45,720 --> 00:04:47,810
And we can have a look at this identity.

125
00:04:47,810 --> 00:04:49,050
So on the left hand side,

126
00:04:49,050 --> 00:04:50,780
if I go and scroll down

127
00:04:50,780 --> 00:04:52,920
and look at origin access identities,

128
00:04:52,920 --> 00:04:55,635
we can find here the origin access identity

129
00:04:55,635 --> 00:04:56,468
that we have created

130
00:04:56,468 --> 00:04:58,310
that is associated with our CloudFront distribution.

131
00:04:58,310 --> 00:05:02,130
And that is allowing us, CloudFront mostly,

132
00:05:02,130 --> 00:05:04,890
to get the content from the S3 buckets

133
00:05:04,890 --> 00:05:08,350
and then distribute it as a public URL.

134
00:05:08,350 --> 00:05:09,360
So that's it for this lecture.

135
00:05:09,360 --> 00:05:12,310
I hope you liked it and I will see you in the next lecture.