How to Integrate CloudFront Distribution with EC2 Origin | AWS

This post will guide you in integrating the EC2 DNS name with the CDN CloudFront.

What is CloudFront?

Amazon CloudFront is a content delivery network (CDN) service built for high performance, security, and developer convenience. Amazon CloudFront speeds up the distribution of your static and dynamic web content, such as .html, .css, .js, and image files, to your users.

How does CloudFront work?

CloudFront delivers your content through a worldwide network of data centers called edge locations. When a user requests content that you’re serving with CloudFront, the request is routed to the edge location that provides the lowest latency (time delay), so that content is delivered with the best possible performance.

  • If the content is already in the edge location with the lowest latency, CloudFront delivers it immediately.
  • Suppose the content is not in that edge location. In that case, CloudFront retrieves it from an origin that you’ve defined — such as an Amazon S3 bucket, a MediaPackage channel, or an HTTP server (for example, a web server) that you have identified as the source for the definitive version of your content.

Let’s Get Started…


  1. AWS Account with EC2 and CloudFront Access.
  2. Preconfigured public EC2 Linux instance.

In this demo, I will be using an EC2 Ubuntu instance for installing Nginx webserver and integrating the EC2 DNS name with CloudFront.

Configuration in EC2

Lets ssh into the server

ssh -i "key.pem" ubuntu@EC2-IP

Perform an update and install Nginx.

sudo apt-get update -y 
sudo apt-get upgrade -y
sudo apt-get install nginx net-tools -y

Now check if Nginx is running on the instance.

sudo service nginx status

Run the Netstat command to check whether port 80 is up.

netstat -tulnp

Open port 80 in the security group and check whether the Nginx is accessible from the browser using the instance IP.

Now, Let’s integrate with CloudFront.

Creating CloudFront Distribution

Navigate to CloudFront service from the AWS console.

Click on the create distribution.

Select protocol as HTTP since there is no SSL configured in the EC2 server and change the Origin path if needed.

CloudFront doesn’t allow IP as an origin so you need to copy the “Public IPv4 DNS” of the EC2 instance and paste it into the origin domain.

“A public (external) IPv4 DNS hostname takes the form for the us-east-1 Region, and for other Regions. The Amazon DNS server resolves a public DNS hostname to the public IPv4 address of the instance outside the network of the instance, and to the private IPv4 address of the instance from within the network of the instance”

Here I have selected Redirection from HTTP to HTTPS.

CloudFront provides a set of managed cache policies that you can attach to any of your distribution’s cache behaviors. With a managed cache policy, you don’t need to write or maintain your cache policy. The managed policies use settings that are optimized for specific use cases.

In the settings part, You can use all edge locations for best performance or restrict it to specific regions.

If you have a domain and you need to access the CloudFront content. This can be done by adding a subdomain in the “Alternate domain name” and after the distribution creation, there will be a CloudFront Distribution URL generated, and add this as a CNAME record in your DNS. So the site would be available from your domain.

You can also integrate SSL using AWS ACM. ACM needs to be created in the us-east-1 region and choose the SSL certificate in the “Custom SSL certificate”.

Now click on the create distribution and wait for CloudFront to get deployed.

Once it is deployed, Copy the Distribution URL and then check whether you can access it from the browser with redirection.

It worked…..

Multiple Websites Nginx

If you have configured multiple websites in a single Nginx server and they will be having different “server_name”, In that case, you need to forward the HOST header to the Nginx server.

Editing the settings of an existing behavior

  1. Open the CloudFront console, and then choose your distribution.
  2. Choose the Behaviors tab, and then choose the path to which you want to forward the Host header.
  3. Choose Edit.
  4. Under Cache key and origin requests, confirm that Legacy cache settings are selected. If it’s not set, then follow the steps in the preceding section to create a cache policy. If Legacy cache settings are selected, then complete the following:
    For Headers, select Include the following headers.
    From the Add header dropdown list, select Host.
  5. Choose Save Changes.

CloudFront Invalidation

Amazon CloudFront’s invalidation feature, which allows you to remove an object from the CloudFront cache before it expires, now supports the * wildcard character. You can add a * wildcard character at the end of an invalidation path to remove all objects that match this path.

Invalidation tab → Create Invalidation

Using the * wildcard character in the invalidation path is useful for many use cases. For example, if you’re doing a new deployment, you can now just use /* to invalidate the entire distribution.


Leave a Reply

Your email address will not be published. Required fields are marked *

%d bloggers like this: