How to configure CloudFront CDN for static websites

Category: Cloud Computing

Short answer

Create a CloudFront distribution with an S3 bucket or custom origin. Configure Origin Access Control (OAC) for S3, set cache behaviors based on file types, and attach a TLS certificate from ACM for HTTPS delivery.

Details

CloudFront caches content at edge locations worldwide, reducing latency for users far from your origin. Cache behaviors let you define TTLs, query string forwarding, and compression per path pattern. Invalidations remove objects from edge caches when you update your site, though versioning filenames (cache busting) is more efficient.

For security, use OAC so the S3 bucket is not publicly readable; only CloudFront can fetch objects. If you serve European users, also review how to achieve GDPR compliance so that you handle logs and cookies appropriately.
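
The OAC restriction above is enforced by the S3 bucket policy. The following is an added example, not part of the original page: it builds a policy that lets one distribution read objects and audits a policy for statements that leave the bucket open more widely. The bucket name, account ID, and distribution ID are placeholders, and the audit covers only the two cases shown.

```python
import json

CLOUDFRONT = "cloudfront.amazonaws.com"

def oac_bucket_policy(bucket, account_id, distribution_id):
    """Policy letting exactly one CloudFront distribution read objects via OAC."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "AllowCloudFrontServicePrincipalReadOnly",
            "Effect": "Allow",
            "Principal": {"Service": CLOUDFRONT},
            "Action": "s3:GetObject",
            "Resource": f"arn:aws:s3:::{bucket}/*",
            # Without this condition any CloudFront distribution, in any
            # account, could be pointed at the bucket and read from it.
            "Condition": {"StringEquals": {
                "AWS:SourceArn": f"arn:aws:cloudfront::{account_id}:distribution/{distribution_id}"
            }},
        }],
    }

def audit_policy(policy):
    """Flag Allow statements with a wildcard or unscoped CloudFront principal."""
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):          # a lone statement may be an object
        statements = [statements]
    findings = []
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", f"statement[{i}]")
        principal = stmt.get("Principal")
        if principal == "*" or (isinstance(principal, dict) and principal.get("AWS") in ("*", ["*"])):
            findings.append(f"{sid}: wildcard principal")
        elif isinstance(principal, dict) and principal.get("Service") == CLOUDFRONT:
            keys = {k.lower() for op in ("StringEquals", "ArnEquals", "ArnLike")
                    for k in stmt.get("Condition", {}).get(op, {})}
            if "aws:sourcearn" not in keys:
                findings.append(f"{sid}: CloudFront principal not scoped by AWS:SourceArn")
    return findings

# Constructed sample: the public-read policy often left over from S3 website hosting.
PUBLIC_READ = {"Version": "2012-10-17", "Statement": [{
    "Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
    "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-static-site/*"}]}

if __name__ == "__main__":
    # Placeholder bucket name, account ID and distribution ID.
    policy = oac_bucket_policy("example-static-site", "111122223333", "EDFDVBD6EXAMPLE")
    print(json.dumps(policy, indent=2))
    print(audit_policy(policy), audit_policy(PUBLIC_READ))
```

Keep S3 Block Public Access enabled on the bucket as well, so a later policy edit cannot reintroduce a public statement.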

Tips

  • Enable Brotli and Gzip compression in CloudFront to reduce transfer sizes.
  • Use Lambda@Edge or CloudFront Functions for lightweight request/response manipulation at the edge.
  • For multi-region architectures, review How to design a multi-region architecture on AWS to place origins strategically.