2

I have created four S3 buckets, each with a simple index.html file and each with unique content.

I have created a CloudFront distribution and assigned it four origins, one for each of the four buckets.

Each origin has an Origin Access Identity and that OAI has been used in its related bucket's policy, e.g.:

```json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity 123456789ABCDE"
            },
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::my-first-test-bucket/*"
        }
    ]
}
```

I have also set Block all public access to true for each bucket.

When I visit the CloudFront distribution name I see the content for my region.

However, when I use a geo-browser to test the distribution from another region (one closer to one of the other buckets) I see the same content.

How can I configure my CloudFront distribution to serve the closest region-specific content? (e.g. us-east-1 bucket content served through CloudFront for New York users.)

Matt W
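
A pre-deployment check for the four bucket policies described in the question, as an added example that is not part of the original post: it confirms a policy grants only `s3:GetObject` on the bucket's own objects to a CloudFront OAI principal. The function name, the OAI ID pattern and the weak sample policy are assumptions constructed for illustration.

```python
import re

# Assumption: OAI IDs are upper-case alphanumerics, like the placeholder in the question.
OAI_ARN = re.compile(
    r"arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity [A-Z0-9]+")

def _as_list(value):
    """Policy elements may be a single string or a list of strings."""
    return value if isinstance(value, list) else [value]

def audit_oai_policy(policy, bucket):
    """Return findings for a policy meant to allow only OAI reads of `bucket`."""
    findings = []
    own_objects = f"arn:aws:s3:::{bucket}/"
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue  # a Deny statement cannot widen access
        if any(k in stmt for k in ("NotPrincipal", "NotAction", "NotResource")):
            findings.append(f"statement {i}: Allow combined with a Not* element")
            continue
        principal = stmt.get("Principal")
        arns = _as_list(principal.get("AWS", [])) if isinstance(principal, dict) else []
        if (not arns or set(principal) != {"AWS"}
                or not all(OAI_ARN.fullmatch(str(a)) for a in arns)):
            findings.append(f"statement {i}: principal is not limited to an OAI")
        actions = {str(a).lower() for a in _as_list(stmt.get("Action", []))}
        if actions != {"s3:getobject"}:
            findings.append(f"statement {i}: actions other than s3:GetObject")
        resources = _as_list(stmt.get("Resource", []))
        if not resources or not all(str(r).startswith(own_objects) for r in resources):
            findings.append(f"statement {i}: resource outside {own_objects}*")
    return findings

# Policy from the question, with the placeholder OAI ID as posted.
PAGE_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity 123456789ABCDE"},
    "Action": "s3:GetObject",
    "Resource": "arn:aws:s3:::my-first-test-bucket/*"}]}

# Constructed weak policy: public principal, extra action, wildcard resource.
WEAK_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": "*",
    "Action": ["s3:GetObject", "s3:ListBucket"],
    "Resource": "arn:aws:s3:::*"}]}

if __name__ == "__main__":
    for label, pol in (("page", PAGE_POLICY), ("weak", WEAK_POLICY)):
        print(label, audit_oai_policy(pol, "my-first-test-bucket") or "ok")
```

Running the same function with a different bucket name against a copied policy catches the case where one bucket's policy still points at another bucket's ARN.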

2 Answers

1

Geo-browser is not perfect for testing; you should test this with a good VPN.

To verify what I am saying, try to enter a blocked website in China. Geo-browser will take you to it, but it is trying to trick the server into thinking the connection is from China by changing the IP address.

This cannot trick AWS. So test with a VPN (a paid one is preferable).

More info:

How the AWS CloudFront CDN works:

  1. When the first user from a specific region requests a file,
  2. the file will be streamed (copied) from S3 to the closest CloudFront server in the user's region.
  3. The file will stay on this server temporarily (usually 24 hours).
  4. When a second user from the same region requests the same file, he/she will get the copy from the close CloudFront server too.
  5. If the same file changes on S3, it will be changed in a very short time in CloudFront too (from 1 second to 5 minutes).
  6. So, only the first request for the file will be affected by the distance of the S3 bucket, which is negligible.
  7. My recommendation is to use 1 S3 bucket only, with folders specifying content depending on locale (us, fr, gb, ...etc), and rely on the CloudFront CDN to distribute content to different CDN servers for each region. I am using CloudFront in this way and everything I wrote here is from real experiments I've done before.
  8. Conclusion: if you use a CDN, then the location of the storage server is not a factor for speedy delivery of content.
user16930239
  • I have asked a friend in another country to test. With a bucket/origin in the UK and another in France, each containing a different message in their respective `index.html` files, we both saw the same content when visiting the CloudFront domain name (no custom domain involved.) What do I need to do to get each region to be served the content from its closest bucket? – Matt W Sep 29 '21 at 06:52
  • When using Amazon CDN (CloudFront) you do not need to worry about getting each region to be served the content from its closest bucket, because the users will not connect directly to the bucket; they connect to the CDN. My recommendation is to use 1 bucket only, with folders specifying content depending on locale (us, fr, gb, ...etc), and rely on the CDN to distribute content to different CDN servers for each region. I can elaborate if you are interested in this idea – user16930239 Sep 30 '21 at 01:55
  • Thanks @Jabbar - more detail would be awesome. I understand that users don't connect directly to the bucket, but it seems logical to have a bucket contain region-specific content (for pre-rendered content etc.) – Matt W Sep 30 '21 at 11:55
  • @MattW I've edited my answer with more info – user16930239 Sep 30 '21 at 14:35
  • Not so much, I'm afraid. I'd like to know, specifically, how to get the CloudFront servers in the user's region to get their content from the closest S3 bucket. Your point #2 mentions the closest CF server, but not the closest bucket. I have seen a demo of a site (but not an explanation of the infrastructure) which does this using just a CloudFront distribution name - without a custom domain name. – Matt W Oct 07 '21 at 09:05
1

You can use a Route 53 traffic policy. Add a Geolocation rule and then a CloudFront distribution as an endpoint.


David Webster
  • When I said “visit the distribution domain name” I meant the CloudFront name. I have not involved a custom domain name yet. (Post edited for clarity.) How can this (regional content serving) be done with just the CF domain name? – Matt W Sep 29 '21 at 06:45