I have created four S3 buckets, each with a simple index.html file and each with unique content.
I have created a CloudFront distribution and assigned it four origins, one for each of the four buckets.
Each origin has an Origin Access Identity and that OAI has been used in its related bucket's policy, e.g.:
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Principal": {
            "AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity 123456789ABCDE"
          },
          "Action": "s3:GetObject",
          "Resource": "arn:aws:s3:::my-first-test-bucket/*"
        }
      ]
    }
I have also set Block all public access to true for each bucket.
When I visit the CloudFront distribution name I see the content for my region.
However, when I use a geo-browser to test the distribution from another region (one closer to one of the other buckets) I see the same content.
How can I configure my CloudFront distribution to serve the closest region-specific content? (e.g.: us-east-1 bucket content served through CloudFront for New York users.)
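As an added example (not part of the original question), a Python check that a bucket policy like the one above allows only s3:GetObject on that bucket's objects, and only to a CloudFront OAI principal. The function name `audit_oai_policy` and the weak policy are constructed for illustration; the OAI ARN pattern is taken from the policy in the question.

```python
import re

# Principal format as it appears in the policy in the question.
OAI_ARN = re.compile(
    r"^arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity [A-Z0-9]+$")

def _as_list(value):
    """Policy fields may hold a single value or a list of values."""
    return value if isinstance(value, list) else [value]

def audit_oai_policy(policy, bucket):
    """Return findings; an empty list means every Allow statement is limited
    to s3:GetObject on this bucket's objects for a CloudFront OAI."""
    findings = []
    object_arn = f"arn:aws:s3:::{bucket}/*"
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", "*")
        # A bare "*" principal makes objects readable without going through CloudFront.
        if isinstance(principal, dict):
            names = [p for v in principal.values() for p in _as_list(v)]
        else:
            names = [principal]
        for name in names:
            if not OAI_ARN.match(name):
                findings.append(f"statement {i}: principal {name!r} is not a CloudFront OAI")
        for action in _as_list(stmt.get("Action", [])):
            if action != "s3:GetObject":
                findings.append(f"statement {i}: action {action!r} exceeds s3:GetObject")
        for resource in _as_list(stmt.get("Resource", [])):
            if resource != object_arn:
                findings.append(f"statement {i}: resource {resource!r} is not {object_arn}")
    return findings

# The policy from the question.
QUESTION_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity 123456789ABCDE"},
    "Action": "s3:GetObject",
    "Resource": "arn:aws:s3:::my-first-test-bucket/*"}]}

# Constructed weak variant for contrast: anonymous principal, wildcard action.
WEAK_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": "*", "Action": "s3:*",
    "Resource": "arn:aws:s3:::my-first-test-bucket/*"}]}

if __name__ == "__main__":
    for label, doc in (("question", QUESTION_POLICY), ("weak", WEAK_POLICY)):
        print(label, audit_oai_policy(doc, "my-first-test-bucket") or "OK")
```

Running the same check against each of the four buckets with its own name also catches a policy copied from one bucket to another without updating the Resource ARN.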
Geo-browser is not perfect for testing; you should test this with a good VPN.
To verify what I am saying, try to enter a blocked website in China. Geo-browser will take you to it, but it is trying to trick the server into thinking the connection is from China by changing the IP address.
This cannot trick AWS. So test with a VPN (a paid one is preferable).
More Info:
How does AWS Cloudfront CDN works: