The Full Flow

S3 Bucket (private) → CloudFront Distribution → Users get content fast globally

Without CloudFront, your S3 files are either fully public (risky) or private (not accessible). CloudFront lets you keep S3 private but still serve content to users securely and fast.


Step 1 — Create S3 Bucket and Upload Files

  1. Go to S3 → Create bucket
  2. Give it a name, choose a region
  3. Keep Block all public access ON (keep bucket private)
  4. Upload your files — images, HTML, CSS, JS, videos etc.
  5. Try opening an image URL directly — it will show Access Denied (because bucket is private)

This is expected. We will use CloudFront to serve these files, not direct S3 links.


Step 2 — How to Access S3 Directly (Without CloudFront)

If you just want your full website accessible via S3 without CloudFront:

  1. Go to your bucket → Properties
  2. Scroll down to Static website hosting → Enable it
  3. Set index document as index.html
  4. Go to Permissions → Block public access → turn OFF (make bucket public)
  5. Add a Bucket Policy to allow public read:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::YOUR-BUCKET-NAME/*"
    }
  ]
}