MZULKAMAL Ent.

,

Setup Amazon s3 with CloudFront – Kentico

Posted by

Muhammad Zulkamal Zulkifli

In this article you will learn how to:

  • Create Amazon S3 bucket
  • Setup CloudFront distribution
  • Create user and give permission to access S3 bucket
  • Configure Kentico Instance to use Amazon S3 and CloudFront as a external storage

Before I start, I assume you already logged in to Amazon Cloud Console dashboard. 

Create Amazon S3 bucket

  1. Navigate to Amazon s3 services. 
  2. Hit “Create bucket” button. 
  3. Give name to the bucket. eg : demo-web
  4. Set AWS Region to your nearest region. In this example I will use Asia Pasific (Singapore) ap-southeast-1 region
  5. Under Object ownership Choose ACLs enabled and Object Ownership set to Bucket owner preferred.
  6. Set Public Access setting for this bucket as per image below. 
  7. Set bucket Versioning to disable
  8. Tags is optional, you can set the tag for this bucket for easy reference in the future, I will skip this option.
  9. Set default encryption to disable
  10. Hit “Create bucket” button.

Setup CloudFront distribution

  1. Navigate to CloudFront Services
  2. Hit “Create distribution” button
  3. Select Origin Domain with S3 bucket we just create.
  4. Leave origin path & Name to empty
  5. Set Enable Origin Field to No
  6. Set Path Pattern to Default(*)
  7. Set Compress objects automatically to Yes
  8. Viewer protocol policy set to “Redirect HTTP to HTTPS”
  9. Allow HTTP method set to “GET, HEAD, OPTIONS, PUT, POST, PATCH, DELETE” and select OPTION method also
  10. Restrict viewer access set to No
  11. Cache key and origin request set to Cache policy and origin request policy (recommended)
  12. Cache Policy set to “CachingOptimized”
  13. Leave all other fields to default value and Hit “Create distribution” button.

Once Done, click on the distribution we just created and navitage to Origins tab

  1. Select the origin we just created and click Edit button
  2. Go to the S3 bucket access
  3. Choose “Yes use OAI (bucket can restrict access to only CloudFront)”
  4. Select Origin access identity – Create new OAI if you don’t have any OAI
  5. select bucket policy to “Yes, update the bucket policy”.
  6. Click Save changes

Create user and give permission to access S3 bucket

  1. Navigate to IAM services. 
  2. Click Users under Access management menu
  3. Click Add users button
  4. Insert user name value. eg: S3_user_demo
  5. Select AWS credential type to Access key – Programmatic access 
  6. Select Permission to “Attach existing policies directly”
  7. Fillter policies to S3 – Choose AmazonS3FullAccess policies
  8. Click Next : Tags button
  9. Leave it empty, you can set tags for future reference. – click Next : Review button
  10. Click Create User button
  11. Copy Access key ID and Secret access key or you can download in .csf file to you computer. 

Configure Kentico Instance to use Amazon S3 and CloudFront as a external storage

  1. Open web.config in your Kentico Instance
  2. Under appSettings add keys below: –
    •  <add key=”CMSExternalStorageName” value=”amazon”/>
    • <add key=”CMSAmazonAccessKeyID” value=”<Access key ID>” />
    • <add key=”CMSAmazonAccessKey” value=”<secret key> />
    • <add key=”CMSAmazonBucketName”  value=”<Your bucket name>” />
    • <add key=”CMSAmazonPublicAccess” value=”true” />
    • <add key=”CMSAmazonEndPoint” value=”https://<cloudfront domain>” />
  3. You can get Access key id and secret key at step when you create user to access S3 bucket. 
  4. Bucket name you can get when you create S3 bucket, in this example bucket name is “demo-web”
  5. CloudFront domain you can get when you finished create CloudFront Distribution.
  6. Once finish configure web.config. Login to kentico backend and go to Setting module. 
  7. Navigate to System >> Files. Make sure Store files in  set to File System.
  8. Navigate to System >> Performance. Tick Redirect files to disk. Click Save.

*You can refer on Kentico documentation more on how to configure Kentico to use Amazon S3 bucket as external storage.
https://docs.xperience.io/k12sp/custom-development/working-with-physical-files-using-the-api/configuring-file-system-providers/configuring-amazon-s3

Once done all process above. you can test from kentico Media Library module to upload, delete and update file. 
You should be able to get cloudfront domain with path of the file once upload file finish to indicate the configuration is successfull. 

Good luck, Happy coding.!