How to integrate Cloudfront , S3 , Apache Webserver using AWS CLI

Arvind Ramugade
7 min readOct 30, 2020

In AWS there are 3 ways we can connect to AWS

  1. using AWS Console (WebGUI/WebAPP)
  2. AWS SDK
  3. AWS CLI

AWS CLI is a command line interface & we can download latest version i.e. version 2 from AWS site. URL to download AWS CLI :

After downloading it we can verify the version as below

AWS CLI Version

We need to create HA Architecture using AWS CLI which consists of the following

  1. Webserver configured on EC2 instance
  2. Document root (/var/www/html) made persistent by mounting on EBS block device
  3. Static Objects used in code such as pictures stored in S3
  4. Setting up content delivery Network using CloudFront & using the origin domain as S3 bucket.
  5. Finally place the CloudFront URL on the webapp code for security & low latency.

Let’s launch Ec2 instance first for which we’ll need below details.

-AMI (image id)
-Instance type
-Subnet id
-EBS Storage
-Security group
-key pair name

we’ll first create key-pair using below AWS CLI command

key-pair creation

In AWS Console we can verify its creation

key-pair creation

Now we need to create security group

Before that we need to get the subnet id using below command


Let’s say we need to launch instance in “SubnetId”: “subnet-017cb1fff955684cf”within “AvailabilityZone”: “ap-south-1a”

Pls note that VPC id is “VpcId”: “vpc-7666791e”

Security group can be created as under

Security Group

Verify Security Group in AWS Console as follows

Security Group

Now we have all the details except AMI image id which we can get from AWS Console

AMI Image ID

Now we are all set to launch AWS EC2 instance.

Run the following command in CLI

aws ec2 run-instances — image-id ami-0e306788ff2473ccb — instance-type t2.micro — count 1 — subnet-id subnet-017cb1fff955684cf — security-group-ids sg-0139790bc185b1233 — key-name awscsa

It displays following

AWS EC2 Instance creation

Also, we can note that security group is attached to the instance which is currently in pending state

Security Group

We can confirm the details of running EC2 instance as follows

EC2 Instance Creation

We have to now create an EBS volume of size 1 GIB & attach to this instance.

EBS Volume is regional specific i.e. we need to create EBS volume in the same Availability Zone in which the instance is running. In our case Availability Zone is ap-south-1a

To create EBS volume from AWS CLI we need to fire below command

EBS Volume

Pls note the volumeId which we require while attaching this volume to EC2 instance.

In AWS Console we can verify this volume as follows

EBS Volume Creation

Now the next step is to attach this EBS volume to our EC2 instance.

Since above EBS volume is available we can attach to EC2 instance.

Before attaching the newly created EBS volume we can verify the storage of our EC2 instance as under

EC2 Instance Storage

The AWS CLI command to attach EBS Volume to EC2 instance is :

aws ec2 attach-volume — volume-id vol-0745799d627bdf202 — instance-id i-0393a4c4fb8303ba4 — device /dev/sdf

Attaching EBS Volume to EC2 instance

In below picture, we can see /dev/xvdf is the new EBS volume of size 1 GiB is attached.

EBS Volume attached to EC2 Instance

In below picture, we can see /dev/xvdf is the new EBS volume of size 1 GiB is attached.

Let’s create partition of 100 MiB under this new volume

Next step is to format the partition

We need to Mount this partition with the the folder /var/www/html/ (Document Root).

next task is to configure Webserver on EC2 instance

we’ll first install Apache Web Server on EC2 instance using following command

yum istall httpd -y

httpd installation on EC2 instance

After installing httpd software we need to create our web page under /var/ww/html folder

Web Page

Next step is to start httpd service using below command

We are done with Webserver configuration..

We can check the webpage using following url in browser

Webpage launched successfully

Now, let’s create S3 Bucket & Upload data inside it

s3 bucket creation using AWS CLI

Verify the bucket using AWS Console as under

Bucket is empty at the moment.

empty bucket

Make sure that the bucket has public access

We can copy local file to S3 using below AWS CLI command

copy local file to S3 Bucket

Verify through AWS Console that the file has been uploaded to S3 bucket

file uploaded to S3 bucket

We can try accessing the file using S3 URL given below

We’ll specify this URL in document root and try to access this again.

Now the last step is to Create CloudFront Distribution & Integrate with S3 & Web Server .

CloudFront Architecture

Typically packet routing over the internet poses below risks
Security threat as there might be possibility of cloning packets over public internet
Reliability issue in terms of Network speed (low latency)

Cloudfront service helps addresses these issues. Whenever client requests any data Cloudfront does following

1. It has built in intelligence using which it connects to the nearest edge location.
2. If the data is in the local cache of edge location then it pickup the data & delivers to the client through its own high fiber optic Amazon high speed network.

If the data is not present then it will fetch the data first time through the source (origin) & delivers to the client. At the same time it creates a local copy of the data (known as Cache) to serve future requests.

So irrespective of client locations it connects to the nearest edge location & serve the request thus reducing latency & further improves user experience.
Cloudfront uses Origin Access Identity (OAI) which restrict the access to S3 content. Edge locations are smaller size of data centers which serves the content across the globe using Amazon High Speed network.

Command to create CloudFront distribution is as under

CloudFront distribution creation

From AWS console we can verify as under

CloudFront created

We can use below Domain Name(CloudFront URL) to access the data from Edge Locations with less latency & high network speed.

Origin Domain name is listed below

Now we’ll place CloudFront URL on the webapp code for security & low latency.

We can now easily access the web page as we did by visiting the web server url

Thanks for going through the blog..

Hope you like the article & understood the CloudFront distribution concept.



Arvind Ramugade

Cloud Professional experienced in BFSI ,Telecom, Insurance domain with fortune 500 clients spread across USA, Europe, Canada, Australia and India.