using-aws-s3-buckets-cloudfront-distribution-with-craft-cms
Using a cloud storage system like AWS S3 with a CDN distribution can be a convenient and inexpensive way to store your assets. Here’s how to set it up right.
Assets like images, PDFs, and other files are often an important part of the “content” that a Content Management System handles.
Although this article was written with Craft CMS in mind, the vast majority of the article applies generically to any CMS or website.
Craft CMS has some fantastic native handling of said assets, which by default are stored in folders on your server.
However, it can be convenient to use a cloud-based storage system like Amazon Web Services (AWS) Simple Storage Service (S3):
- You’ll never run out of disk space
- Your assets are inherently backed up & stored off-site
- Your assets can go to long-term backup in AWS Glacier easily
- You can leverage a Content Delivery Network (CDN) in the form of Cloudfront
- Eliminates the need to sync assets between local dev, staging, and production environments
- It’s cheap (or even free) & scalable
There are other advantages as well, but we’ll just assume you’re on-board, and get right into how to set it up.
LINKSETTING UP S3
Don’t serve assets directly from S3 buckets
S3 buckets are intended for asset storage, not serving assets. It’ll work, but you’ll only be serving them out of one geographic region (wherever your S3 bucket was created), and it really wasn’t designed to for that.
Instead, use AWS CloudFront as your Content Delivery Network (CDN) that actually serves up your assets.
Here’s what it looks like conceptually:
[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-KjGgikUB-1669738403971)(data:image/jpeg;base64,%2F9j%2F4AAQSkZJRgABAQAAAQABAAD%2F2wBDABALDA4MChAODQ4SERATGCgaGBYWGDEjJR0oOjM9PDkzODdASFxOQERXRTc4UG1RV19iZ2hnPk1xeXBkeFxlZ2P%2F2wBDARESEhgVGC8aGi9jQjhCY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2P%2FwAARCAANABADASIAAhEBAxEB%2F8QAFgABAQEAAAAAAAAAAAAAAAAAAwAG%2F8QAIBAAAgIBBAMBAAAAAAAAAAAAAQIDBAAREjFRExQhcf%2FEABUBAQEAAAAAAAAAAAAAAAAAAAAB%2F8QAGhEAAgMBAQAAAAAAAAAAAAAAAQIAETESIf%2FaAAwDAQACEQMRAD8A1lxoblSREsqgVgGYHg9ZQv6lWvGh84Ztu%2FcBz%2B4y0ayo6rCoVzqw7OFZrqqwLGEVVkHwrrlJN%2BZCIt9Ns%2F%2FZ)]
AWS S3 + CloudFront Overview
The idea is that when a person loads one of your web pages with an image on it, the image will point to a CloudFront URL.
If that image is in the cache, it’ll return it from a CDN Edge server that is geographically near the person loading the page. This makes it quick, with low latency.
If the image isn’t in the cache, CloudFront pulls it from your S3 bucket, returns it to the person, and propagates the image to the CDN Edge locations.
S3 Buckets shouldn’t be publicly accessible
The rule of thumb here is that S3 buckets aren’t publicly accessible. Instead, CloudFront is given permission to pull assets from the S3 buckets.
That said, let’s get into setting it all up.
LINKSTEP 1: HAVE AN AWS ACCOUNT
If you don’t have one already, you should also set up an admin account for AWS now.
LINKSTEP 2: CREATE AN S3 BUCKET
LINKSTEP 3: CREATE A CUSTOM POLICY
This isn’t a fancy watch. We don’t add complications just because they look cool
From your AWS Console, click on Services → IAM → Policies → Create Policy.
Click on the JSON tab, and then paste this in:
custom policy
{"Version": "2012-10-17","Statement": [{"Effect": "Allow","Action": ["acm:ListCertificates","cloudfront:GetDistribution","cloudfront:GetStreamingDistribution","cloudfront:GetDistributionConfig","cloudfront:ListDistributions","cloudfront:ListCloudFrontOriginAccessIdentities","cloudfront:CreateInvalidation","cloudfront:GetInvalidation","cloudfront:ListInvalidations","elasticloadbalancing:DescribeLoadBalancers","iam:ListServerCertificates","sns:ListSubscriptionsByTopic","sns:ListTopics","waf:GetWebACL","waf:ListWebACLs"],"Resource": "*"},{"Effect": "Allow","Action": ["s3:GetBucketLocation","s3:ListAllMyBuckets"],"Resource": "*"},{"Effect": "Allow","Action": ["s3:ListBucket"],"Resource": ["arn:aws:s3:::REPLACE-WITH-BUCKET-NAME"]},{"Effect": "Allow","Action": ["s3:*"],"Resource": ["arn:aws:s3:::REPLACE-WITH-BUCKET-NAME/*"]}]
}
custom policy
Make sure you replace REPLACE-WITH-BUCKET-NAME with the name of the bucket we created in Step 2 (in our case devmode-bucket), in both places.
Then click on Review Policy, and give your policy a name (in our case devmode-policy) and description, then click on Create Policy:
[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-JCTGlRcL-1669738403989)(data:image/jpeg;base64,%2F9j%2F4AAQSkZJRgABAQIAOQA5AAD%2F2wBDABALDA4MChAODQ4SERATGCgaGBYWGDEjJR0oOjM9PDkzODdASFxOQERXRTc4UG1RV19iZ2hnPk1xeXBkeFxlZ2P%2F2wBDARESEhgVGC8aGi9jQjhCY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2P%2FwAARCAALABADASIAAhEBAxEB%2F8QAFgABAQEAAAAAAAAAAAAAAAAAAQIG%2F8QAHBAAAgICAwAAAAAAAAAAAAAAAQIAEQMhEhNh%2F8QAFAEBAAAAAAAAAAAAAAAAAAAAAP%2FEABQRAQAAAAAAAAAAAAAAAAAAAAD%2F2gAMAwEAAhEDEQA%2FAN2zcWoXHsB0VO%2FInYBkZmKJamjA%2F9k%3D)]
Creating an IAM policy
LINKSTEP 4: CREATE A GROUP
The IAM policy gets attached to the group
We’re doing this because it makes it trivial to move users in and out of the group, and the group is what is controlling access permissions.
You also then won’t be out of luck if you somehow lose the user credentials, you can just create a new user and assign it to the group.
From your AWS Console, click on Services → IAM → Groups → Create New Group, and give your group a name (in our case devmode-group).
At the Attach Policy screen, search for the policy we created in Step 3, and check it and click Next Step:
[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-Ap9EFMJr-1669738403991)(data:image/jpeg;base64,%2F9j%2F4AAQSkZJRgABAQIAOQA5AAD%2F2wBDABALDA4MChAODQ4SERATGCgaGBYWGDEjJR0oOjM9PDkzODdASFxOQERXRTc4UG1RV19iZ2hnPk1xeXBkeFxlZ2P%2F2wBDARESEhgVGC8aGi9jQjhCY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2P%2FwAARCAAKABADASIAAhEBAxEB%2F8QAFwAAAwEAAAAAAAAAAAAAAAAAAAEDBv%2FEABkQAQEBAAMAAAAAAAAAAAAAAAEAAxJRYf%2FEABQBAQAAAAAAAAAAAAAAAAAAAAD%2FxAAUEQEAAAAAAAAAAAAAAAAAAAAA%2F9oADAMBAAIRAxEAPwDfcTqcU91MlFHyD%2F%2FZ)]
Creating a group
Then click on Create Group to create your new group.
LINKSTEP 5: CREATE A USER
Click on Next: Permissions, then add the user to the group we created in Step 4:
Creating a user: permissions
Then click on Next: Tags (we don’t set any tags here), then click on Next: Review:
Creating a user: credentials
LINKSTEP 6: CREATE A CLOUDFRONT DISTRIBUTION
Alter the following settings:
Origin domain — choose the origin for the S3 bucket we created in Step 2
S3 bucket access
→
select
Yes use OAI (bucket can restrict access to only CloudFront)
- click Create New OAI, give it a name, save it, select it
Bucket policy
→
- select Yes, update the bucket policy
Compress object automatically
- select Yes →
Viewer Protocol Policy — Redirect HTTP to HTTPS
Allowed HTTP Methods — GET, HEAD, OPTIONS, PUT, POST, PATCH, DELETE
Cache key and origin requests
→
select
Cache policy and origin request policy
(recommended)
Cache policy
→
- select CachingOptimized
N.B.: For your bucket to work with CloudFront, the name must conform to DNS naming requirements. For Regions launched in 2019 or later, that format is: bucket-name.s3.region.amazonaws.com
Here’s a full screenshot for the settings we’re using for devMode.fm:
[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-jQcHpd9k-1669738404024)(data:image/jpeg;base64,%2F9j%2F4AAQSkZJRgABAQEAYABgAAD%2F%2FgA7Q1JFQVRPUjogZ2QtanBlZyB2MS4wICh1c2luZyBJSkcgSlBFRyB2ODApLCBxdWFsaXR5ID0gNTAK%2F9sAQwAQCwwODAoQDg0OEhEQExgoGhgWFhgxIyUdKDozPTw5Mzg3QEhcTkBEV0U3OFBtUVdfYmdoZz5NcXlwZHhcZWdj%2F9sAQwEREhIYFRgvGhovY0I4QmNjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2Nj%2F8AAEQgALQAQAwEiAAIRAQMRAf%2FEAB8AAAEFAQEBAQEBAAAAAAAAAAABAgMEBQYHCAkKC%2F%2FEALUQAAIBAwMCBAMFBQQEAAABfQECAwAEEQUSITFBBhNRYQcicRQygZGhCCNCscEVUtHwJDNicoIJChYXGBkaJSYnKCkqNDU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6g4SFhoeIiYqSk5SVlpeYmZqio6Slpqeoqaqys7S1tre4ubrCw8TFxsfIycrS09TV1tfY2drh4uPk5ebn6Onq8fLz9PX29%2Fj5%2Bv%2FEAB8BAAMBAQEBAQEBAQEAAAAAAAABAgMEBQYHCAkKC%2F%2FEALURAAIBAgQEAwQHBQQEAAECdwABAgMRBAUhMQYSQVEHYXETIjKBCBRCkaGxwQkjM1LwFWJy0QoWJDThJfEXGBkaJicoKSo1Njc4OTpDREVGR0hJSlNUVVZXWFlaY2RlZmdoaWpzdHV2d3h5eoKDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uLj5OXm5%2Bjp6vLz9PX29%2Fj5%2Bv%2FaAAwDAQACEQMRAD8A7mNQCcKv4DmpNo9KiVfmOPX1%2FwDr1NzjqKAGRnqAD%2BdP59P1pkTdQT0PFSHpQBChO4jI69OalFMReSePyp9AH%2F%2FZ)]
Creating a CloudFront Distribution
Then click on Create Distribution.
You’ll be taken to a strange “CloudFront Private Content Getting Started” page; this isn’t an error page, and there aren’t any more steps to take.
We just need to grab a couple of settings from our newly created CloudFront distribution.
From your AWS Console, click on Services → CloudFront → then click on the CloudFront distribution we just created:
[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-dVPtpKKF-1669738404028)(data:image/jpeg;base64,%2F9j%2F4AAQSkZJRgABAQIAOQA5AAD%2F2wBDABALDA4MChAODQ4SERATGCgaGBYWGDEjJR0oOjM9PDkzODdASFxOQERXRTc4UG1RV19iZ2hnPk1xeXBkeFxlZ2P%2F2wBDARESEhgVGC8aGi9jQjhCY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2P%2FwAARCAAKABADASIAAhEBAxEB%2F8QAFgABAQEAAAAAAAAAAAAAAAAAAgMG%2F8QAHhAAAQQCAwEAAAAAAAAAAAAAAQACAxESIQQyYXH%2FxAAUAQEAAAAAAAAAAAAAAAAAAAAA%2F8QAFBEBAAAAAAAAAAAAAAAAAAAAAP%2FaAAwDAQACEQMRAD8A3E5EeOJok7KcdOFh2XtockbZ9Vm9Qg%2F%2F2Q%3D%3D)]
CloudFront Distribution Settings
We’re going to need the Distribution ID and Domain Name settings, so copy them down somewhere.
We’re all done with the AWS S3 + CloudFront setup!
LINKSTEP 7: CONFIGURE YOUR ASSET VOLUMES IN CRAFT CMS
First, we’ll need to install the first-party Amazon S3 plugin.
.env file environment variables
# S3 settings
S3_KEY_ID=XXXXXXXXXX
S3_SECRET=XXXXXXXXXX
S3_BUCKET=devmode-bucket
S3_REGION=us-east-2# CloudFront settings
CLOUDFRONT_URL=https://dnzwsrj1eic0g.cloudfront.net
CLOUDFRONT_DISTRIBUTION_ID=E17SKV1U1OTZKW
CLOUDFRONT_PATH_PREFIX=
.env file environment variables
Craft CMS Asset Volume settings
If you’re using Project Config, your project.yaml will end up looking like the following:
e69c8edb-d562-4367-9a05-91a6fd2c7d99:name: 'Devmode Episodes'handle: devmodeEpisodestype: craft\awss3\VolumehasUrls: trueurl: $CLOUDFRONT_URLsettings:subfolder: episodeskeyId: $S3_KEY_IDsecret: $S3_SECRETbucketSelectionMode: manualbucket: $S3_BUCKETregion: $S3_REGIONexpires: '3 months'makeUploadsPublic: ''storageClass: ''cfDistributionId: $CLOUDFRONT_DISTRIBUTION_IDcfPrefix: $CLOUDFRONT_PATH_PREFIXautoFocalPoint: ''sortOrder: 4
Then we can upload an image to our new Asset Volume:
Uploaded Image in the Craft CMS CP
And we can verify that the image is indeed coming from our CloudFront distribution URL:
Uploaded Image CloudFront distribution URL
LINKFILL YOUR BUCKETS
Thanks to all around great guy Jonathan Melville of CodeMDD.io for this help with this article.
FURTHER READING
- Setting Up Your Own Image Transform Service
- Creating a Reverse Proxy for Partytown with AWS Cloudfront
- Post-Mortem: Applied Image Optimization
using-aws-s3-buckets-cloudfront-distribution-with-craft-cms相关推荐
- aws s3 静态网站_如何使用AWS S3,CloudFront和命令行管理静态网站
aws s3 静态网站 by Ben Cheng 通过本诚 如何使用AWS S3,CloudFront和命令行管理静态网站 (How to manage your static websites wi ...
- AWS: S3+Lambda+CloudFront的使用(CDK)
一.简介 AWS CloudFront 是一项快速内容分发网络 (CDN) 服务,可以安全地以低延迟和高传输速度向全球客户分发数据.视频.应用程序和 API,全部都在开发人员友好的环境中完成.例如:当 ...
- aws s3 静态网站_如何将静态网站或JAMstack应用托管并部署到AWS S3和CloudFront
aws s3 静态网站 S3 and CloudFront are AWS cloud services that make serving static assets powerful and ch ...
- aws s3及cloudfront访问问题
1:s3加cdn及ec2加负载均衡后,每次解析的ip会不同,导致有些解析后的ip网络不通,导致接口及图片访问不了 2:偶尔出现无法解析的问题,或者解析时间过长(域名解析商dnspod国际版) 3:访问 ...
- aws s3 静态网站_使用AWS S3存储桶启动静态网站
aws s3 静态网站 This article explores the AWS S3 bucket to configure a static website. 本文探讨了用于配置静态网站的AWS ...
- aws rds监控慢sql_将AWS S3存储桶与AWS RDS SQL Server集成
aws rds监控慢sql This article gives you an overview of integrating AWS S3 buckets with AWS RDS SQL Serv ...
- aws s3 cli_了解AWS CLI –使用AWS CLI与AWS S3存储桶进行交互
aws s3 cli It is the second article in the Learn AWS CLI series. It gives you an overview of working ...
- cloudfront s3_如何使用S3,CloudFront和Route53托管静态网站
cloudfront s3 by Paul Berg 保罗·伯格 如何使用S3,CloudFront和Route53托管静态网站 (How to Host a Static Website with ...
- 通过亚马逊云科技实现基于 Restful API 的 CloudFront Distribution 复制/克隆功能
背景 Amazon CloudFront 是一个全球性的内容分发网络 (CDN),您可以借助 CloudFront 以低延迟和高可用性向查看者或者最终用户分发内容.通常来讲,Amazon CloudF ...
- aws s3 参与s3game寻找宝藏游戏挑战学习s3对象存储
参考资料 Pirates S3game workshop http://s3game-level1.s3-website.us-east-2.amazonaws.com/level1.html htt ...
最新文章
- UnicodeEncodeError: 'ascii' codec can't encode character....
- Science:细胞如何测量自身的大小?答案是:DNA含量
- VR/AR标准委员会成立,宣布全新的标准OpenXR
- Scala教程之:可变和不变集合
- matlab如何使用cu文件,Matlab编译cuda的.cu文件
- archlinux php mysql,arch linux上安装 httpd+php+mysql+ openssl(转)
- C#枚举类型用户标志位的代码
- [转载] Python的双端队列deque
- 1.1 文本表示——离散形式表示
- python获取线程返回值_如何从python中的线程获取返回值?
- 怎么用vc采集ni卡数据_「解决方案」三维激光扫描多数据混合作业,助力“地籍调查”...
- 阿铭Linux_网站维护学习笔记20190415
- mac top内存 cpu
- 利用Xenu查询网站死链
- string.class是什么意思?
- Win11十二月系统更新了什么内容?
- 电子商务项目设计(案例)
- Unicode blocks 统计
- 华为5c_华为5c手机价格及产品参数配置【图文】
- Jason和xml两者的区别