AWS CloudFront Setup

Parth Patel
9 min read · Oct 27, 2020

  1. Create High Availability Architecture with AWS CLI
  • The architecture includes:

- Web Server configured on EC2 Instance

- Document Root (/var/www/html) made persistent by mounting on EBS Block Device.

- Static objects used in code such as pictures stored in S3

- Setting up a Content Delivery Network using CloudFront and using the origin domain as S3 bucket.

- Finally place the CloudFront URL on the webapp code for security and low latency.

AWS — Amazon Web Services is a Public Cloud Service by Amazon Company.

  • AWS provides Infrastructure As A Service, Platform As A Service, and Software As A Service.
  • In this task I am going to use AWS CLI, EC2, EBS, S3 and CloudFront.
  • AWS provides high availability, isolation and security for the services we use.
  • AWS provides each service at minimal cost.
  • AWS works on a pay-as-we-go model.

PUBLIC CLOUD — Public cloud allows us to use provider’s Resources on Rent.

EC2 — Elastic Compute Cloud -> EC2 provides a compute unit to the tenant. Using EC2, a tenant can launch a bootable instance within seconds. This is a useful service when working in a company: we need to install and uninstall operating systems many times, and with AWS we can do this quickly, with add-ons.

👉 Provides RAM + CPU

👉 Create Security Group

👉 Create Key

👉 Generate Elastic IP

👉 many more

EBS — Elastic Block Storage -> Block storage is used to store data, and we can install an operating system on it. EBS is a kind of pen drive which can be removed from one operating system and attached to another.

S3 — Simple Storage Service -> S3 is an object storage service which stores data permanently, but we can’t install an operating system on object storage. An everyday example of object storage is Google Drive.

CLOUDFRONT — It is a Content Delivery Network as a service which provides edge locations to store caches for low latency. It requires an origin, meaning a storage location that holds the data; CloudFront fetches from it to build the caches that give a good user experience.

Let’s start :-

______________________________

THE MOST POWERFUL COMMAND IN AWS CLI -

“aws help” is a very helpful command that I used for this task.

______________________________

AWS CONFIGURE -

Before starting anything we need to configure the CLI. Configuration connects our command line to an AWS IAM user account so that we can launch our services there.

“ aws configure ” is the command for configuration.

______________________________

KEY PAIR -

We need to generate a key pair because when we launch an instance it needs a key. Now why a key and not a password? The key is used by the machine to log in to the instance so that we can perform our task there.

It is the same as for every Lock there is a Key so here Lock Resembles Instance and Key is our Private Key.

This is the command for generating the key and storing it at a location of our choice on the local PC ->

“ aws ec2 create-key-pair --key-name MyKey --query "KeyMaterial" --output text > MyKey.pem ”

The Key is Created.
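
The redirect above creates MyKey.pem with the shell's default permissions, which usually leaves it readable by other local users, and ssh refuses a private key file that others can read. An added example (not from the original post) that writes the key owner-only on Linux or macOS; save_private_key and key_is_private are names introduced here:

```shell
# Added example (not from the original post): keep the private key owner-only.

# Reads key material on stdin and writes it to $1 with mode 0400.
save_private_key() {
  [ ! -e "$1" ] || { echo "refusing to overwrite $1" >&2; return 1; }
  # umask 077 means the file is never group- or world-readable, even briefly.
  ( umask 077 && cat > "$1" ) || return 1
  # An empty file means the command feeding the pipe produced no key.
  [ -s "$1" ] || { rm -f "$1"; echo "no key material received" >&2; return 1; }
  chmod 400 "$1"
}

# True when group and others have no permission bits on the file.
key_is_private() {
  [ "$(ls -l "$1" | cut -c5-10)" = "------" ]
}

# Usage, with the key name used on this page:
#   aws ec2 create-key-pair --key-name MyKey --query "KeyMaterial" \
#     --output text | save_private_key MyKey.pem
#   key_is_private MyKey.pem || chmod 400 MyKey.pem
```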

______________________________

SECURITY GROUP -

Security Group is very important in AWS as this is the best way to provide security to our instance. A security group has two kinds of rules: ingress and egress. Ingress rules allow inbound traffic only from the IPs permitted by the admin, and egress rules let the instance reach only the IPs permitted by the admin.

“ aws ec2 create-security-group --group-name myRule --description "security group for task" --vpc-id vpc-939d80fb ” -> This is the command to create a security group, but there is one issue: it only creates an egress rule that allows all traffic and does not create any ingress rule, so we have to create an ingress rule ourselves.

Security Group is Created -

“ aws ec2 authorize-security-group-ingress --group-name myRule --protocol tcp --port 22 --cidr 0.0.0.0/0 ” -> This is the command to create an ingress rule for the security group created above, to allow SSH into the instance. The CIDR 0.0.0.0/0 means SSH connections are accepted from any address.

Rule is created -
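
The rule above admits SSH connections from any address. An added example (not from the original post) that replaces it with a rule for a single admin host; AWS_CMD and the function names are introduced here, and 203.0.113.7 is a documentation address standing in for your own IP:

```shell
# Added example (not from the original post): open SSH to one admin host only.
# AWS_CMD is a name introduced here; set AWS_CMD=echo to print instead of run.

# Succeeds only for a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
  case "$1" in
    ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
  esac
  ipv4_old_ifs=$IFS; IFS=.
  set -- $1
  IFS=$ipv4_old_ifs
  [ "$#" -eq 4 ] || return 1
  for ipv4_octet in "$@"; do
    [ "${#ipv4_octet}" -le 3 ] && [ "$ipv4_octet" -le 255 ] || return 1
  done
}

# Prints the single-host CIDR for an admin address; rejects the wildcard.
admin_cidr() {
  is_ipv4 "$1" || { echo "not an IPv4 address: $1" >&2; return 1; }
  [ "$1" != "0.0.0.0" ] || { echo "0.0.0.0 is not a host address" >&2; return 1; }
  printf '%s/32\n' "$1"
}

# Adds a port-22 ingress rule for that one host to the named security group.
authorize_ssh() {
  ssh_cidr=$(admin_cidr "$2") || return 1
  ${AWS_CMD:-aws} ec2 authorize-security-group-ingress \
    --group-name "$1" --protocol tcp --port 22 --cidr "$ssh_cidr"
}

# Removes the world-open rule created by the command shown above.
revoke_world_ssh() {
  ${AWS_CMD:-aws} ec2 revoke-security-group-ingress \
    --group-name "$1" --protocol tcp --port 22 --cidr 0.0.0.0/0
}

# Usage:
#   authorize_ssh myRule 203.0.113.7 && revoke_world_ssh myRule
```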

______________________________

EC2 INSTANCE -

For web server configuration we require an instance, so the command to launch an instance is “ aws ec2 run-instances --image-id ami-0e306788ff2473ccb --count 1 --instance-type t2.micro --key-name MyKey --security-group-ids sg-08f468e03ce8fbdbb --subnet-id subnet-73e0da1b ”. In this instance I have used the key and security group created above.

Now to give a tag to my instance I have used this command “ aws ec2 create-tags --resources i-0264e8c0a7598f838 --tags Key=Name,Value=MyInstance ”

Instance is created -

Volume is created -

______________________________

SSH -

To get into any instance from the Windows/Linux command line we use SSH. SSH is used to log in remotely to the OS.

The command used is “ ssh -l ec2-user -i MyKey.pem 15.206.116.178 ”

______________________________

EBS VOLUME -

By default one 8 GiB volume is attached to the EC2 instance; the operating system is installed on it, and that root volume is the main drive, aka “/”. When an instance gets corrupted, the one drive that is sure to be corrupted with it is the root volume, so to protect the data a separate EBS volume is created and mounted on a folder.

The command to create EBS Volume is “ aws ec2 create-volume --availability-zone ap-south-1a --volume-type gp2 --size 1 ”.

Volume is Created but not attached. -

At this point the volume is only created, not attached to the EC2 instance, so we need to attach it with this command “ aws ec2 attach-volume --volume-id vol-0509b3cb61afb5f42 --instance-id i-071d7b410c0f5a9d6 --device /dev/sdf ”

Now Volume is attached to the instance.

Instance is successfully launched and also volume is attached.

______________________________

PARTITION -

We have successfully attached the 1 GiB EBS volume to the EC2 instance, so now we have to follow 3 steps to mount the 1 GiB volume on the /var/www/html directory.

👉 PARTITION

👉 FORMAT

👉 MOUNT

First check how many volumes are attached to this instance by the command “ fdisk -l ”

👉 PARTITION

The command to do partitioning is “ fdisk /dev/xvdf”

Entering “m” shows more options.

Press “n” to create a new partition

Press “p” to create the primary partition.

Press “w” to save the partition made.

See the partition is created.

👉 FORMAT

“ mkfs.ext4 /dev/xvdf1 ” is the command to format the partition.

Before mounting, install httpd, the Apache tool that makes an instance work as a web server.

The command to install httpd is “ yum install httpd -y”

👉 MOUNT

/var/www/html is a folder created by default by httpd; it is the main folder that httpd reads from when serving the website.

The command to mount partition is “mount /dev/xvdf1 /var/www/html”

With the “df -h” command you can see that /dev/xvdf1 is mounted on /var/www/html.
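
A mount made with the mount command lasts only until the next reboot. An added example (not from the original post) that records the mount in /etc/fstab by filesystem UUID; the function names and the nosuid,nodev options are choices made here, not part of the original procedure:

```shell
# Added example (not from the original post): keep /var/www/html mounted
# across reboots. nosuid,nodev are a hardening choice made for this example.

# Prints the fstab line for an ext4 filesystem UUID ($1) and mount point ($2).
# nofail lets the instance boot and stay reachable if the volume is missing.
fstab_line() {
  printf 'UUID=%s %s ext4 defaults,nofail,nosuid,nodev 0 2\n' "$1" "$2"
}

# Appends that line to the fstab file ($3, default /etc/fstab) unless the
# mount point already has an entry; a backup copy is kept beside the file.
persist_mount() {
  pm_fstab=${3:-/etc/fstab}
  if awk -v dir="$2" '$1 !~ /^#/ && $2 == dir { found = 1 }
                      END { exit !found }' "$pm_fstab"; then
    echo "fstab already has an entry for $2" >&2
    return 1
  fi
  cp -p "$pm_fstab" "$pm_fstab.bak" || return 1
  fstab_line "$1" "$2" >> "$pm_fstab"
}

# On the instance, as root, with the device name used on this page:
#   persist_mount "$(blkid -s UUID -o value /dev/xvdf1)" /var/www/html
#   mount -a    # checks that the new entry parses and mounts
```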

______________________________

S3 -

S3 is used here to store the static files used in the website. AWS gives a high availability and durability guarantee on S3.

The command to create S3 Bucket is “ aws s3api create-bucket --bucket manalibucket --region ap-south-1 --create-bucket-configuration LocationConstraint=ap-south-1 ”

Bucket is created :-

“ aws s3 ls” command is used to see how many buckets are present in s3.

The command to upload objects to S3 is “ aws s3 sync "C:\Users\Manali Jain\Desktop\AWS+ARTH task\Task key\image" s3://manalibucket ”

______________________________

CREATE A FILE -

Now create an HTML file that will be publicly accessible, with the image URL pointing to S3.

NOTE — create your program file in the /var/www/html directory, as httpd serves files from that folder by default.

This is the code which contains the S3 object URL.

Now start httpd as this is very important otherwise you will not be able to see your page.

Oh where is the image??

Not to worry, we forgot to make the S3 object publicly readable.

______________________________

S3 OBJECT PUBLIC READ-

Make S3 Object Publicly readable.

Now to make the object publicly readable use this command “ aws s3api put-object-acl --bucket manalibucket --key aws.png --acl public-read ”. The public-read ACL lets anyone read the object through its S3 URL.

Now you can see it publicly Visible.

______________________________

CLOUDFRONT -

CloudFront plays a very important role in achieving low latency. When the origin is far from the client, an edge location is used to store a cache so that the content can be accessed quickly. In CloudFront we can set a Time To Live [TTL] so that the cache is kept at the edge location only for that time. Caches are temporary in nature.

The command to create a CloudFront distribution is “ aws cloudfront create-distribution --origin-domain-name manalibucket.s3.amazonaws.com --default-root-object aws.png ”

Distribution is Created.

I have accessed it by this URL -

And you can see how the URL changed to the origin URL.

______________________________

CHANGE THE CODE URL TO CLOUDFRONT URL-

And now it’s visible.
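
Any page that still references the S3 URL bypasses the CloudFront cache. An added example (not from the original post) that finds direct S3 references to the bucket and rewrites them to the distribution's domain; dEXAMPLE.cloudfront.net is a placeholder and the function names are introduced here:

```shell
# Added example (not from the original post): route page assets through
# CloudFront. Assumes a bucket name without dots, as on this page.

# Prints file:line:text for every direct S3 URL of bucket $1 under path $2.
find_s3_refs() {
  grep -rnHE "https?://($1\.s3[.a-z0-9-]*\.amazonaws\.com|s3[.a-z0-9-]*\.amazonaws\.com/$1)/" "$2" || true
}

# Rewrites virtual-hosted and path-style S3 URLs of bucket $1 in file $3 to
# the CloudFront domain $2. The file is rewritten in place through a temp
# file outside the web root, so no backup copy ends up being served.
rewrite_to_cdn() {
  rw_tmp=$(mktemp) || return 1
  sed -E \
    -e "s#https?://$1\.s3[.a-z0-9-]*\.amazonaws\.com/#https://$2/#g" \
    -e "s#https?://s3[.a-z0-9-]*\.amazonaws\.com/$1/#https://$2/#g" \
    "$3" > "$rw_tmp" && cat "$rw_tmp" > "$3"
  rw_status=$?
  rm -f "$rw_tmp"
  return "$rw_status"
}

# Usage (dEXAMPLE.cloudfront.net is a placeholder for your distribution):
#   rewrite_to_cdn manalibucket dEXAMPLE.cloudfront.net /var/www/html/index.html
#   find_s3_refs manalibucket /var/www/html    # prints nothing when clean
```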
