Specify ALB as the origin of CloudFront

The following page covers the basics of CloudFront.

https://awstut.com/en/2022/03/12/improved-origin-server-performance-with-cloudfront-cache

In the above page, the CloudFront origin server was an EC2 instance.

This page introduces a configuration in which ALB is specified as the CloudFront origin.

Environment

Diagram of specifying ALB as the origin of CloudFront.

Create an ALB.
Place two EC2 instances in the target group.

The EC2 instances run the latest version of Amazon Linux 2.
On both instances, Apache is installed and runs as the web server.

Create a CloudFront distribution.
Specify ALB as the origin server.

CloudFormation template files

The above configuration is built with CloudFormation.
The CloudFormation template files are located at the following URL:

https://github.com/awstut-an-r/awstut-saa/tree/main/02/011

Explanation of key points of template files

(Reference) EC2

Resources:
  Instance1:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: !Ref ImageId
      InstanceType: !Ref InstanceType
      NetworkInterfaces:
        - DeviceIndex: 0
          SubnetId: !Ref PrivateSubnet1
          GroupSet:
            - !Ref InstanceSecurityGroup
      UserData: !Ref UserData

Define two instances.
Only Instance1 is shown here, since both have exactly the same settings.

Define the initialization process for the instance using the user data.

#!/bin/bash -xe
yum update -y
yum install -y httpd
systemctl start httpd
systemctl enable httpd
ec2-metadata -i > /var/www/html/index.html

Install Apache, then write the instance ID to index.html in the document root.

For more information on user data, please see the following page.

https://awstut.com/en/2021/12/11/four-ways-to-initialize-a-linux-instance

(Reference) ALB

Resources:
  ALB:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      Name: !Sub "${Prefix}-ALB"
      Scheme: internet-facing
      SecurityGroups:
        - !Ref ALBSecurityGroup
      Subnets:
        - !Ref PublicSubnet1
        - !Ref PublicSubnet2
      Type: application

  ALBTargetGroup:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      VpcId: !Ref VPC
      Name: !Sub "${Prefix}-ALBTargetGroup"
      Protocol: HTTP
      Port: !Ref HTTPPort
      HealthCheckProtocol: HTTP
      HealthCheckPath: /
      HealthCheckPort: traffic-port
      HealthyThresholdCount: !Ref HealthyThresholdCount
      UnhealthyThresholdCount: !Ref UnhealthyThresholdCount
      HealthCheckTimeoutSeconds: !Ref HealthCheckTimeoutSeconds
      HealthCheckIntervalSeconds: !Ref HealthCheckIntervalSeconds
      Matcher:
        HttpCode: !Ref HttpCode
      Targets:
        - Id: !Ref Instance1
        - Id: !Ref Instance2

  ALBListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      DefaultActions:
        - TargetGroupArn: !Ref ALBTargetGroup
          Type: forward
      LoadBalancerArn: !Ref ALB
      Port: !Ref HTTPPort
      Protocol: HTTP

Register the two EC2 instances described above as targets in the ALB target group.

For more information on ALB, please see the following page.

https://awstut.com/en/2021/12/11/attaching-instances-in-private-subnet-to-elb

CloudFront

Resources:
  Distribution:
    Type: AWS::CloudFront::Distribution
    Properties:
      DistributionConfig:
        DefaultCacheBehavior:
          AllowedMethods:
            - GET
            - HEAD
          CachedMethods:
            - GET
            - HEAD
          Compress: true
          ForwardedValues:
            Cookies:
              Forward: none
            QueryString: false
          TargetOriginId: !Ref ALBDNSName
          ViewerProtocolPolicy: allow-all
          DefaultTTL: !Ref CacheTTL
          MaxTTL: !Ref CacheTTL
          MinTTL: !Ref CacheTTL
        Enabled: true
        Origins:
          - CustomOriginConfig:
              OriginProtocolPolicy: http-only
            DomainName: !Ref ALBDNSName
            Id: !Ref ALBDNSName
        PriceClass: PriceClass_All

Define the CloudFront distribution.

For basic information on CloudFront, please refer to the following page.

https://awstut.com/en/2022/03/12/improved-origin-server-performance-with-cloudfront-cache

The key point is the setting regarding the origin.
Specify the DNS name of the aforementioned ALB in the DomainName property.

The TTL of the cache is set to 0.
This way every request is passed to the origin, so access to the instances behind the ALB can be checked immediately.

Architecting

Use CloudFormation to build this environment and check its actual behavior.

Create CloudFormation stacks and check the resources in the stack

Create CloudFormation stacks.
For information on how to create stacks and check each stack, please see the following page.

https://awstut.com/en/2021/12/11/cloudformations-nested-stack

After reviewing the resources in each stack, the main resources created in this case are as follows:

  • Instance 1: i-02cd16bf6c9c34cdc
  • Instance 2: i-0672f0350d8976a57
  • DNS name for ALB: saa-02-011-ALB-570513604.ap-northeast-1.elb.amazonaws.com
  • DNS name of CloudFront distribution: dl2r8lkbxkxkr.cloudfront.net

We also check the status of the created resources in the AWS Management Console.

Check ALB.

Detail of ALB 1.
Detail of ALB 2.

The ALB is successfully created.
If you look at the target group of the ALB, you will see that two instances have been registered.

Check CloudFront.

Detail of CloudFront 1.
Detail of CloudFront 2.

The CloudFront distribution has been successfully created.
The aforementioned ALB is specified as the origin of the distribution.

Operation Check

Now that you are ready, access CloudFront.

$ curl https://dl2r8lkbxkxkr.cloudfront.net
instance-id: i-0672f0350d8976a57

$ curl https://dl2r8lkbxkxkr.cloudfront.net
instance-id: i-02cd16bf6c9c34cdc

A response is returned.
Both instances behind the ALB are reachable through CloudFront.

Incidentally, you can also access the ALB directly.

$ curl http://saa-02-011-ALB-570513604.ap-northeast-1.elb.amazonaws.com
instance-id: i-02cd16bf6c9c34cdc

$ curl http://saa-02-011-ALB-570513604.ap-northeast-1.elb.amazonaws.com
instance-id: i-0672f0350d8976a57

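This means that even when the ALB is specified as the CloudFront origin, direct access to the ALB is still possible.
Requests sent straight to the ALB DNS name never pass through the distribution, so nothing configured only on CloudFront applies to them.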
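
One way to close the direct path shown above, as an added example that is not part of the original templates: CloudFront attaches a secret header to origin requests, and the ALB forwards only requests that carry it. The parameter OriginVerifyHeaderValue, the header name X-Origin-Verify and the resource ALBListenerRule are assumed names; only the resources that change are shown.

```yaml
# Added example: fragments to merge into the page's ALB and CloudFront templates.
# OriginVerifyHeaderValue, X-Origin-Verify and ALBListenerRule are assumed names.
Parameters:
  OriginVerifyHeaderValue:
    Type: String
    NoEcho: true                      # shared secret, passed to both templates
Resources:
  # ALB template: the default action now rejects instead of forwarding.
  ALBListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      LoadBalancerArn: !Ref ALB
      Port: !Ref HTTPPort
      Protocol: HTTP
      DefaultActions:
        - Type: fixed-response        # direct requests without the header end here
          FixedResponseConfig:
            StatusCode: "403"
            ContentType: text/plain
            MessageBody: Forbidden
  # ALB template: forward only when the secret header matches.
  ALBListenerRule:
    Type: AWS::ElasticLoadBalancingV2::ListenerRule
    Properties:
      ListenerArn: !Ref ALBListener
      Priority: 1
      Conditions:
        - Field: http-header
          HttpHeaderConfig:
            HttpHeaderName: X-Origin-Verify
            Values:
              - !Ref OriginVerifyHeaderValue
      Actions:
        - Type: forward
          TargetGroupArn: !Ref ALBTargetGroup
  # CloudFront template: add the header to the existing origin entry
  # (DefaultCacheBehavior, Enabled and PriceClass stay as on the page).
  Distribution:
    Type: AWS::CloudFront::Distribution
    Properties:
      DistributionConfig:
        Origins:
          - DomainName: !Ref ALBDNSName
            Id: !Ref ALBDNSName
            CustomOriginConfig:
              OriginProtocolPolicy: http-only
            OriginCustomHeaders:
              - HeaderName: X-Origin-Verify
                HeaderValue: !Ref OriginVerifyHeaderValue
```

Because the origin policy here is http-only, the header value travels unencrypted between CloudFront and the ALB; an HTTPS listener with an https-only origin policy keeps it confidential. The ALB security group can additionally be limited to the CloudFront managed prefix list (com.amazonaws.global.cloudfront.origin-facing) through SourcePrefixListId.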

Summary

We have shown you how to specify ALB as the origin of CloudFront.