---
title: "Deploying Web Access with AWS CloudFront"
slug: "deploying-web-access-with-aws-cloudfront"
updated: 2025-12-12T18:40:00Z
published: 2025-12-12T18:40:00Z
---

> ## Documentation Index
> Fetch the complete documentation index at: https://docs.nasuni.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Deploying Web Access with AWS CloudFront

This guide is intended for IT infrastructure architects and DevOps professionals responsible for deploying or enabling Web Access in the AWS public cloud.

This guide applies to Nasuni Edge Appliance 10.1 and higher.

## Introduction

Amazon CloudFront is a content delivery network (CDN) that uses a network of edge locations to cache and deliver content, such as web pages, videos, and images, to users with low latency.

CloudFront is more complicated to set up in AWS than an ALB and is not usually recommended. For information on setting up an ALB, see Deploying Web Access with AWS Application Load Balancer.

## Prerequisites

CloudFront requires that the instance have a valid signed certificate and an FQDN that matches the certificate. To configure CloudFront, first follow the steps in this article to make CloudFront publicly available with a FQDN. The FQDN for this step is not the same as the one customers use to access CloudFront. For more information, see [Deploying Web Access with an AWS Public IP](/v1/docs/deploying-web-access-with-an-aws-public-ip-1).

## Account Configuration

By default, Web Access restricts sessions to a single IP address. Because requests routed through CloudFront might originate from different IP addresses, this restriction must be disabled.

To have Restrict Session IP disabled for Web Access, contact Nasuni Support.

### Security Group restriction to CloudFront

Once the instance is working with Direct Access, it can be locked down to only allow access from CloudFront. Edit the security group assigned to the instance and remove HTTP and HTTPS access from any IPv4. Replace with an at-rule allowing HTTPS access from the CloudFront origin-facing as the source.

![](https://cdn.document360.io/2adf6ce2-c120-4520-b135-0fc4463ddde3/Images/Documentation/image-T4RFO35O.png)

This allows access only to the instance via CloudFront. As a test, navigate to the instance's external IP address or FQDN via HTTPS. The Web Access page should no longer load.

## CloudFront

This section describes CloudFront configurations specific to Web Access.

### Functions

This section describes how to configure the CloudFront functions for Web Access.

To configure a function, follow these steps:

1. Log in to [https://aws.amazon.com/cloudfront/](https://aws.amazon.com/cloudfront/).
2. Click the menu icon in the top left corner.
3. From the left-side menu, click **Functions**.

![](https://cdn.document360.io/2adf6ce2-c120-4520-b135-0fc4463ddde3/Images/Documentation/image-1AOANFIK.png)
4. Click **Create Function**.
5. Use the **Name** field to enter the function name.
6. (Optional) Use the **Description**field to enter a description.
7. Under **Runtime**, click the **cloudfront-js-2.0** radio button.

![](https://cdn.document360.io/2adf6ce2-c120-4520-b135-0fc4463ddde3/Images/Documentation/image-KMEO4U8Z.png)
8. Click **Create Function**.
9. Click the **Build**tab.
10. Under **Function code**, click the **Development** tab.
11. In the open text field, paste the following code:

```plaintext
function handler(event) {
  var request = event.request;
  var uri = request.uri;

  // Redirect "/" → "/fs"
  if (uri === "/") {
    return {
      statusCode: 302,
      statusDescription: 'Found',
      headers: {
        location: { value: '/fs' }
      }
    };
  }

  // Continue normally
  return request;
}
```

1. Click **Save changes**.

![](https://cdn.document360.io/2adf6ce2-c120-4520-b135-0fc4463ddde3/Images/Documentation/image-J7B4XT9I.png)
2. Click the**Publish**tab.
3. Click **Publish function**.
4. Click the **Build** tab.
5. Under the **Function** area, click the **Live** tab.

![](https://cdn.document360.io/2adf6ce2-c120-4520-b135-0fc4463ddde3/Images/Documentation/image-I2IUGEJJ.png)
6. Confirm that the copy and paste function is displayed.

### Distributions

This section describes how to configure the CloudFront distribution for Web Access.

To configure a distribution, follow these steps:

1. Log in to Amazon CloudFront.
2. Click **Create a CloudFront distribution**.

![](https://cdn.document360.io/2adf6ce2-c120-4520-b135-0fc4463ddde3/Images/Documentation/image-DZ4EIYKM.png)
3. Use the **Name** field to enter the distribution name.
4. (Optional) Use the **Description**field to enter a description.
5. Click the **Single website or app** radio button.

![](https://cdn.document360.io/2adf6ce2-c120-4520-b135-0fc4463ddde3/Images/Documentation/image-HTX72J4I.png)
6. Click **Next**.
7. On the **Specify origin** page, set the following configurations:

![](https://cdn.document360.io/2adf6ce2-c120-4520-b135-0fc4463ddde3/Images/Documentation/image-VZQAYML5.png)

**Origin type:** Other

**Origin → Custom origin:** Public FQDN of instance

**Origin → Origin Path**: Leave Blank

**Settings → Origin Settings:** Use recommended origin settings

**Settings → Cache Settings:** Customize cache settings
8. After selecting **Customize cache settings**, a new set of fields displays. Select the following configurations:

![](https://cdn.document360.io/2adf6ce2-c120-4520-b135-0fc4463ddde3/Images/Documentation/image-0FVL3WZ6.png)

**Viewer protocol policy:** Redirect HTTP to HTTPS

**Allowed HTTP methods:** GET, HEAD, OPTIONS, PUT, POST, PATCH, DELETE

**Cache Policy:** Caching Disabled
9. Click **Next**.
10. Navigate to the **Enable security**section, and click the **Do not enable security protections** radio button.

![](https://cdn.document360.io/2adf6ce2-c120-4520-b135-0fc4463ddde3/Images/Documentation/image-QGLVPWU3.png)
11. Click **Next**.

> ***Note****: The CloudFront distribution takes several minutes to set up.*

### Behaviors

After completing the distributions, configure the Web Access behaviors.

To configure the Web Access behavior, follow these steps:

1. From the CloudFront Distributions interface, click the **Behaviors**tab.
2. Click the radio button on the left side, and click **Edit**.

![](https://cdn.document360.io/2adf6ce2-c120-4520-b135-0fc4463ddde3/Images/Documentation/image-O597VP1K.png)
3. Scroll down to the **Function associations** area.
4. From the **Viewer request**drop-down, select **CloudFront Functions**. The **Function ARN/NAME** drop-down appears.
5. From the **Function ARN/NAME** drop-down, select **Webaccess**.

![](https://cdn.document360.io/2adf6ce2-c120-4520-b135-0fc4463ddde3/Images/Documentation/image-V1WAP676.png)
6. Click **Save changes**.
7. (Optional) To monitor the deployment status, navigate to the **General** tab.

![](https://cdn.document360.io/2adf6ce2-c120-4520-b135-0fc4463ddde3/Images/Documentation/image-S0TC2HRF.png)

## Testing

To confirm that the configuration was successfully set up, follow these steps:

1. Navigate to the **General**tab.
2. Use the ![](https://cdn.document360.io/2adf6ce2-c120-4520-b135-0fc4463ddde3/Images/Documentation/image-LD9J9DU1.png) to copy the **Distribution domain name**.

![](https://cdn.document360.io/2adf6ce2-c120-4520-b135-0fc4463ddde3/Images/Documentation/image-K9USVTLK.png)
3. Paste the distribution domain name in a new browser. If configured correctly, the Web Access login page displays.

## FQDN Setup

To set up an alternate FQDN and upload or generate a certificate, see the following AWS documentation: [https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/CNAMEs.html.](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/CNAMEs.html.)