Use CloudFront Content Distribution Network

01 Sign in to your Trend Micro Cloud One™ – Conformity account, access Use CloudFront Content Distribution Network conformity rule settings, and copy the domain name configured for your website/web application (e.g. <domain-name>).

02 Sign in to the AWS Management Console.

03 Navigate to Amazon CloudFront console at https://console.aws.amazon.com/cloudfront/v3/.

04 In the left navigation panel, under CloudFront, choose Distributions.

05 On the Distributions page, paste your website domain name, copied at step no. 1, into the Search all distributions box and press Enter. If the search process does not return any results, instead a No matches message is displayed, there are no Amazon CloudFront CDN distributions created for your website/web application within your AWS cloud account.

01 Sign in to your Trend Micro Cloud One™ – Conformity account, access Use CloudFront Content Distribution Network conformity rule settings, and copy the domain name configured for your website/web application (e.g. <domain-name>).

02 Run list-distributions command (OSX/Linux/UNIX) with custom query filters to determine if an Amazon CloudFront distribution origin is created for your website domain name, copied at the previous step. Replace <domain-name> with your own domain name:

aws cloudfront list-distributions
  --query "DistributionList.Items[*].Origins.Items[?DomainName == '<domain-name>'] | []"

03 The command output should return the origin metadata for the requested domain name:

[]

01 Sign in to your Trend Micro Cloud One™ – Conformity account, access Use CloudFront Content Distribution Network conformity rule settings, and copy the domain name configured for your website/web application (e.g. <domain-name>).

02 Sign in to the AWS Management Console.

03 Navigate to Amazon CloudFront console at https://console.aws.amazon.com/cloudfront/v3/.

04 In the left navigation panel, under CloudFront, choose Distributions.

05 Choose Create distribution to start the CloudFront distribution setup process.

06 On the Create distribution page, perform the following operations:

1. For Origin, provide the following configuration information:
   • Click inside the Origin domain box and enter your website/web application domain name, copied at step no. 1 (e.g. <domain-name>).
   • For Protocol, select whether you want Amazon CloudFront to connect to your distribution origin using only HTTP, only HTTPS, or to connect by matching the protocol used by the viewer. If you enabled HTTPS for your origin, choose which SSL/TLS protocol is allowed to be used when establishing an HTTPS connection to your origin from the Minimum origin SSL protocol list. It is strongly recommended to use the latest SSL/TLS protocol supported by Amazon CloudFront.
   • (Optional) For Origin path – optional, enter a URL path to append to the origin domain name for origin requests.
   • For Name, enter a unique name for your distribution origin.
   • (Optional) For Add custom header – optional, use the Add header button to create the custom header keys and values to be included in every request made to the origin.
   • Choose Yes under Enable Origin Shield to enable and configure the Origin Shield feature.
   • (Optional) Select Additional settings if you need to change the connection settings available by default for the distribution origin.
2. For Default cache behavior, perform the following actions:
   • Choose Yes under Compress objects automatically to enable Amazon CloudFront to automatically compress files that it receives from the distribution origin before delivering them to the viewer.
   • Under Viewer protocol policy, select one of the following options to enforce HTTPS for your distribution content:
   • Select HTTP and HTTPS so that the distribution viewers can only access your content using HTTPS. Choosing this option will drop any HTTP traffic between viewers and edge servers.
   • Choose Redirect HTTP to HTTPS so that any HTTP requests are automatically redirected to HTTPS.
   • Under Allowed HTTP methods, choose the list of HTTP(S) methods to process and forward to your distribution origin.
   • Under Restrict viewer access, choose whether or not to restrict viewer access to your CDN content. If you restrict viewer access, viewers must use Amazon CloudFront signed URLs or signed cookies to access your content.
   • For Cache key and origin requests, choose Cache policy and origin request policy (recommended), then select a managed cache policy and a managed origin request policy to control the cache key and the origin requests.
   • Choose Additional settings and enable field-level encryption and real-time logging for your new CloudFront distribution.
3. (Optional) For Function associations – optional, choose whether to configure an edge function to associate with the distribution cache behavior, and select the CloudFront event that invokes the function. You can choose from two types of edge functions, CloudFront functions and Lambda@Edge functions. CloudFront functions are only available for viewer request and viewer response event types. With Lambda@Edge, your function code can access the body of the HTTP request.
4. For Settings, perform the following actions:
   • Under Price class, choose the price class associated with the maximum price that you want to pay in order to deliver your web content. For example, select Use all edge locations (best performance) to use all the edge servers made available by the Amazon Cloudfront global network for minimal latency. This price class provides worldwide coverage at higher cost.
   • (Optional) To integrate your new CloudFront distribution with Amazon WAF in order to allow or block requests based on your application requirements, select a web ACL from the AWS WAF web ACL – optional dropdown list or create a new web ACL and associate it with your distribution.
   • (Optional) For Alternate domain name (CNAME) – optional, choose Add item, and provide your custom CNAME record (for example, media.<domain-name>) to use your own domain name instead of the CloudFront distribution domain name (requires configuring a CNAME record within your domain DNS setting). To add a list of alternative domain names, use the bulk editor made available by Amazon CloudFront.
   • (Optional) Choose whether to associate a custom SSL certificate with the new distribution by selecting an existing SSL certificate from the Custom SSL certificate – optional dropdown list. If you need to purchase a new SSL certificate from the AWS Certificate Manager (ACM), choose Request certificate and follow the ACM steps to request an SSL certificate.
   • (Optional) For Supported HTTP versions, choose to enable HTTP/2 for faster content delivery. HTTP/1.0 and HTTP/1.1 are already supported by default.
   • (Optional) For Default root object – optional, specify a default root object (e.g., index.html) available in your origin root directory to avoid exposing the contents of your distribution.
   • Choose On under Standard logging to enable access (standard) logging for your CDN distribution.
   • (Optional) Select On under IPv6 checkbox to enable IPv6 version of the IP protocol if you have viewers on IPv6 networks who want to access your distribution content.
   • (Optional) Provide a short description for your new distribution in the Description – optional box.
   • Choose Create distribution to deploy your new Amazon CloudFront distribution. The distribution status will change from Deploying to Enabled once the content is deployed worldwide.

01 Sign in to your Trend Micro Cloud One™ – Conformity account, access Use CloudFront Content Distribution Network conformity rule settings, and copy the domain name configured for your website/web application (e.g. <domain-name>).

02 To create an Amazon CloudFront distribution in order to deliver your website/web application content worldwide, you must define first the distribution configuration in JSON format. Replace <domain-name> with the domain name copied at step no. 1, and save the distribution configuration document to a JSON file named cloudfront-distribution-config.json:

{
    "CallerReference": "cf-web-distribution-config",
    "Aliases": {
        "Quantity": 0
    },
    "DefaultRootObject": "",
    "Origins": {
        "Quantity": 1,
        "Items": [
            {
                "Id": "<domain-name>",
                "DomainName": "<domain-name>",
                "OriginPath": "",
                "CustomHeaders": {
                    "Quantity": 0
                },
                "CustomOriginConfig": {
                    "HTTPPort": 80,
                    "HTTPSPort": 443,
                    "OriginProtocolPolicy": "https-only",
                    "OriginSslProtocols": {
                        "Quantity": 1,
                        "Items": [
                            "TLSv1.2"
                        ]
                    },
                    "OriginReadTimeout": 30,
                    "OriginKeepaliveTimeout": 5
                },
                "ConnectionAttempts": 3,
                "ConnectionTimeout": 10,
                "OriginShield": {
                    "Enabled": false
                }
            }
        ]
    },
    "OriginGroups": {
        "Quantity": 0
    },
    "DefaultCacheBehavior": {
        "TargetOriginId": "<domain-name>",
        "TrustedSigners": {
            "Enabled": false,
            "Quantity": 0
        },
        "TrustedKeyGroups": {
            "Enabled": false,
            "Quantity": 0
        },
        "ViewerProtocolPolicy": "allow-all",
        "AllowedMethods": {
            "Quantity": 2,
            "Items": [
                "HEAD",
                "GET"
            ],
            "CachedMethods": {
                "Quantity": 2,
                "Items": [
                    "HEAD",
                    "GET"
                ]
            }
        },
        "SmoothStreaming": false,
        "Compress": true,
        "LambdaFunctionAssociations": {
            "Quantity": 0
        },
        "FunctionAssociations": {
            "Quantity": 0
        },
        "FieldLevelEncryptionId": "",
        "ForwardedValues": {
            "QueryString": false,
            "Cookies": {
                "Forward": "none"
            },
            "Headers": {
                "Quantity": 0
            },
            "QueryStringCacheKeys": {
                "Quantity": 0
            }
        },
        "MinTTL": 0,
        "DefaultTTL": 86400,
        "MaxTTL": 31536000
    },
    "CacheBehaviors": {
        "Quantity": 1,
        "Items": [
            {
                "PathPattern": "/images",
                "TargetOriginId": "<domain-name>",
                "TrustedSigners": {
                    "Enabled": false,
                    "Quantity": 0
                },
                "TrustedKeyGroups": {
                    "Enabled": false,
                    "Quantity": 0
                },
                "ViewerProtocolPolicy": "allow-all",
                "AllowedMethods": {
                    "Quantity": 2,
                    "Items": [
                        "HEAD",
                        "GET"
                    ],
                    "CachedMethods": {
                        "Quantity": 2,
                        "Items": [
                            "HEAD",
                            "GET"
                        ]
                    }
                },
                "SmoothStreaming": false,
                "Compress": true,
                "LambdaFunctionAssociations": {
                    "Quantity": 0
                },
                "FunctionAssociations": {
                    "Quantity": 0
                },
                "FieldLevelEncryptionId": "",
                "ForwardedValues": {
                    "QueryString": false,
                    "Cookies": {
                        "Forward": "none"
                    },
                    "Headers": {
                        "Quantity": 0
                    },
                    "QueryStringCacheKeys": {
                        "Quantity": 0
                    }
                },
                "MinTTL": 0,
                "DefaultTTL": 86400,
                "MaxTTL": 31536000
            }
        ]
    },
    "CustomErrorResponses": {
        "Quantity": 0
    },
    "Comment": "",
    "Logging": {
        "Enabled": false,
        "IncludeCookies": false
    },
    "PriceClass": "PriceClass_100",
    "Enabled": true,
    "ViewerCertificate": {
        "CloudFrontDefaultCertificate": true,
        "MinimumProtocolVersion": "TLSv1",
        "CertificateSource": "cloudfront"
    },
    "Restrictions": {
        "GeoRestriction": {
            "RestrictionType": "none",
            "Quantity": 0
        }
    },
    "WebACLId": "",
    "HttpVersion": "http1.1",
    "IsIPV6Enabled": false
}

03 Run create-distribution command (OSX/Linux/UNIX) to create your new Amazon CloudFront CDN distribution using the configuration document defined at the previous step (i.e. cloudfront-distribution-config.json):

aws cloudfront create-distribution
  --distribution-config file://cloudfront-distribution-config.json
  --query 'Distribution.Status'

04 The command output should return the status of the new Amazon CloudFront distribution. When the requested status becomes "Deployed", the distribution's content is fully propagated to all CloudFront edge locations.

"InProgress"