How to Create a CloudFront Distribution for a non-public AWS S3 Bucket



This document assumes that you already have a private AWS S3 bucket. If not, please follow the instructions here:

Creating an AWS S3 bucket

Create and Configure a CloudFront Distribution

  • Navigate to CloudFront:

  • You should now see a list of Distributions (if any)

  • Click “Create distribution”:

  • Paste the bucket URL in the Origin Domain field:

  • In the S3 Bucket Access section, tick “Yes use OAI (bucket can restrict access to only CloudFront)”

  • Then click “Create new OAI”. This will create a new Origin Access Identity (OAI)

  • Tick “Yes, update the bucket policy”

  • Select Redirect HTTP to HTTPS

  • Add an alternate domain name. This is the domain name you want to link to this bucket.

  • In the “Custom SSL Certificate” section, click on “Request Certificate”:

  • This will navigate to a new page, which is the AWS Certificate Manager

  • Make sure “Request a public certificate” is selected, then click “Next”

  • Refresh the AWS Certificate Manager page.

  • You should see a list of certificates.

  • Click on the Certificate ID you just created.

  • Copy the DNS Settings (CNAME and CNAME Value)
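
The "Yes, update the bucket policy" step above writes a statement into the bucket policy that lets the new OAI read objects. The following check is an added example, not part of the original instructions: it audits a bucket policy document and reports anything other than an s3:GetObject grant to the expected OAI. The bucket name and OAI ID are constructed placeholders, and the check assumes the OAI appears in its ARN form (a CanonicalUser principal is reported for manual review).

```python
import json

# ARN form of an OAI principal in an S3 bucket policy.
OAI_ARN_PREFIX = "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity "

def as_list(value):
    return value if isinstance(value, list) else [value]

def audit_bucket_policy(policy_json, oai_id):
    """Return findings; [] means the only Allow is s3:GetObject for the OAI."""
    expected = OAI_ARN_PREFIX + oai_id
    findings, oai_can_read = [], False
    for n, stmt in enumerate(as_list(json.loads(policy_json).get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements cannot widen access
        if "NotPrincipal" in stmt:
            findings.append(f"statement {n}: Allow with NotPrincipal")
        principal = stmt.get("Principal", {})
        if principal == "*":
            principal = {"AWS": "*"}  # shorthand form meaning everyone
        actions = {a.lower() for a in as_list(stmt.get("Action", []))}
        for kind, values in principal.items():
            for value in as_list(values):
                if value == "*":
                    findings.append(f"statement {n}: Allow for any principal (public)")
                elif kind == "AWS" and value == expected:
                    oai_can_read |= "s3:getobject" in actions
                    extra = sorted(actions - {"s3:getobject"})
                    if extra:
                        findings.append(f"statement {n}: OAI also granted {extra}")
                else:
                    findings.append(f"statement {n}: unexpected principal {kind}={value}")
    if not oai_can_read:
        findings.append("expected OAI has no s3:GetObject grant")
    return findings

# Constructed sample policies (bucket name and OAI ID are placeholders).
OAI_ID = "E2EXAMPLEOAIID"
OAI_STATEMENT = {
    "Effect": "Allow",
    "Principal": {"AWS": OAI_ARN_PREFIX + OAI_ID},
    "Action": "s3:GetObject",
    "Resource": "arn:aws:s3:::example-private-bucket/*",
}
PUBLIC_STATEMENT = dict(OAI_STATEMENT, Principal="*")
GOOD_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [OAI_STATEMENT]})
BAD_POLICY = json.dumps({"Version": "2012-10-17",
                         "Statement": [OAI_STATEMENT, PUBLIC_STATEMENT]})
```

To audit a real bucket, pass in the output of `aws s3api get-bucket-policy --bucket <your-bucket> --query Policy --output text` together with the ID of the OAI you created.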

Linking CloudFront to your Domain

Please follow the instructions in: How to Link a Google Domain to AWS S3, using Cloudfront and AWS Certificate Manager

Test your site.

You should now be able to access your site using