Deploying Web Access with AWS CloudFront


This guide is intended for IT infrastructure architects and DevOps professionals responsible for deploying or enabling Web Access in the AWS public cloud.

This guide applies to Nasuni Edge Appliance 10.1 and higher.

Introduction

Amazon CloudFront is a content delivery network (CDN) that uses a network of edge locations to cache and deliver content, such as web pages, videos, and images, to users with low latency.

CloudFront is more complicated to set up in AWS than an ALB and is not usually recommended. For information on setting up an ALB, see Deploying Web Access with AWS Application Load Balancer.

Prerequisites

CloudFront requires that the instance have a valid signed certificate and an FQDN that matches the certificate. To configure CloudFront, first follow the steps in this article to make CloudFront publicly available with an FQDN. The FQDN for this step is not the same as the one customers use to access CloudFront. For more information, see Deploying Web Access with an AWS Public IP.

Account Configuration

By default, Web Access restricts sessions to a single IP address. Because requests routed through CloudFront might originate from different IP addresses, this restriction must be disabled.

To have Restrict Session IP disabled for Web Access, contact Nasuni Support.

Security Group restriction to CloudFront

Once the instance is working with Direct Access, it can be locked down to only allow access from CloudFront. Edit the security group assigned to the instance and remove the rules that allow HTTP and HTTPS access from any IPv4 address. Replace them with a rule allowing HTTPS access with the CloudFront origin-facing managed prefix list as the source.

This allows access to the instance only via CloudFront. As a test, navigate to the instance's external IP address or FQDN via HTTPS. The Web Access page should no longer load.
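
The browser test above only shows that one client is blocked. The following check of the rules themselves is an added example, not part of the Nasuni procedure: it takes a security group in the JSON shape returned by `aws ec2 describe-security-groups` and reports any HTTP or HTTPS rule still open to all addresses, or a missing HTTPS rule sourced from the CloudFront origin-facing prefix list. The function names, the sample groups, and the IDs `sg-EXAMPLE` and `pl-EXAMPLE` are constructed placeholders; supply the prefix list ID for your Region.

```javascript
// Added example: audit an EC2 security group's ingress rules, in the shape
// returned by `aws ec2 describe-security-groups`, against the lockdown above.
const WEB_PORTS = [80, 443];
const ANYWHERE = new Set(["0.0.0.0/0", "::/0"]);

// True when a permission entry applies to the given TCP port.
function coversPort(perm, port) {
  if (perm.IpProtocol === "-1") return true; // "-1" = all protocols, all ports
  return perm.IpProtocol === "tcp" && perm.FromPort <= port && port <= perm.ToPort;
}

// Returns a list of findings; an empty list means the group matches the lockdown.
// cloudFrontPrefixListId is the Region-specific ID of the CloudFront
// origin-facing managed prefix list (supplied by the caller).
function auditIngress(group, cloudFrontPrefixListId) {
  const findings = [];
  let cloudFrontHttps = false;
  for (const perm of group.IpPermissions || []) {
    const cidrs = [
      ...(perm.IpRanges || []).map((r) => r.CidrIp),
      ...(perm.Ipv6Ranges || []).map((r) => r.CidrIpv6),
    ];
    for (const port of WEB_PORTS) {
      if (!coversPort(perm, port)) continue;
      for (const cidr of cidrs) {
        if (ANYWHERE.has(cidr)) findings.push(`port ${port} open to ${cidr}`);
      }
    }
    const prefixLists = (perm.PrefixListIds || []).map((p) => p.PrefixListId);
    if (coversPort(perm, 443) && prefixLists.includes(cloudFrontPrefixListId)) {
      cloudFrontHttps = true;
    }
  }
  if (!cloudFrontHttps) findings.push("no HTTPS rule sourced from the CloudFront prefix list");
  return findings;
}

// Constructed sample data; the group and prefix list IDs are placeholders.
const PL = "pl-EXAMPLE";
const before = { GroupId: "sg-EXAMPLE", IpPermissions: [
  { IpProtocol: "tcp", FromPort: 80, ToPort: 80, IpRanges: [{ CidrIp: "0.0.0.0/0" }] },
  { IpProtocol: "tcp", FromPort: 443, ToPort: 443, IpRanges: [{ CidrIp: "0.0.0.0/0" }] },
] };
const after = { GroupId: "sg-EXAMPLE", IpPermissions: [
  { IpProtocol: "tcp", FromPort: 443, ToPort: 443, PrefixListIds: [{ PrefixListId: PL }] },
] };

console.log("before:", auditIngress(before, PL));
console.log("after: ", auditIngress(after, PL));
```

An "all traffic" rule (protocol `-1`) open to any address is reported for both web ports, since it also exposes the instance directly.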

CloudFront

This section describes CloudFront configurations specific to Web Access.

Functions

This section describes how to configure the CloudFront functions for Web Access.

To configure a function, follow these steps:

  1. Log in to https://aws.amazon.com/cloudfront/.

  2. Click the menu icon in the top left corner.

  3. From the left-side menu, click Functions.

  4. Click Create Function.

  5. Use the Name field to enter the function name.

  6. (Optional) Use the Description field to enter a description.

  7. Under Runtime, click the cloudfront-js-2.0 radio button.

  8. Click Create Function.

  9. Click the Build tab.

  10. Under Function code, click the Development tab.

  11. In the open text field, paste the following code:

function handler(event) {
  var request = event.request;
  var uri = request.uri;

  // Redirect "/" → "/fs"
  if (uri === "/") {
    return {
      statusCode: 302,
      statusDescription: 'Found',
      headers: {
        location: { value: '/fs' }
      }
    };
  }

  // Continue normally
  return request;
}
  12. Click Save changes.

  13. Click the Publish tab.

  14. Click Publish function.

  15. Click the Build tab.

  16. Under the Function area, click the Live tab.

  17. Confirm that the pasted function code is displayed.

Distributions

This section describes how to configure the CloudFront distribution for Web Access.

To configure a distribution, follow these steps:

  1. Log in to Amazon CloudFront.

  2. Click Create a CloudFront distribution.

  3. Use the Name field to enter the distribution name.

  4. (Optional) Use the Description field to enter a description.

  5. Click the Single website or app radio button.

  6. Click Next.

  7. On the Specify origin page, set the following configurations:

    Origin type: Other

    Origin → Custom origin: Public FQDN of instance

    Origin → Origin Path: Leave Blank

    Settings → Origin Settings: Use recommended origin settings

    Settings → Cache Settings: Customize cache settings

  8. After selecting Customize cache settings, a new set of fields displays. Select the following configurations:

    Viewer protocol policy: Redirect HTTP to HTTPS

    Allowed HTTP methods: GET, HEAD, OPTIONS, PUT, POST, PATCH, DELETE

    Cache Policy: Caching Disabled

  9. Click Next.

  10. Navigate to the Enable security section, and click the Do not enable security protections radio button.

  11. Click Next.

    Note: The CloudFront distribution takes several minutes to set up.

Behaviors

After completing the distributions, configure the Web Access behaviors.

To configure the Web Access behavior, follow these steps:

  1. From the CloudFront Distributions interface, click the Behaviors tab.

  2. Click the radio button on the left side, and click Edit.

  3. Scroll down to the Function associations area.

  4. From the Viewer request drop-down, select CloudFront Functions. The Function ARN/NAME drop-down appears.

  5. From the Function ARN/NAME drop-down, select Webaccess.

  6. Click Save changes.

  7. (Optional) To monitor the deployment status, navigate to the General tab.

Testing

To confirm that the configuration was successfully set up, follow these steps:

  1. Navigate to the General tab.

  2. Copy the Distribution domain name.

  3. Paste the distribution domain name into a new browser window. If configured correctly, the Web Access login page displays.

FQDN Setup

To set up an alternate FQDN and upload or generate a certificate, see the following AWS documentation: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/CNAMEs.html.