Skip to content

Use Cloudfront as a CDN for buckets hosted at Rumble Cloud

To use AWS CloudFront as a CDN in front of a bucket at rumble there is setup needed on the bucket at rumble and the CloudFront distribution at AWS.

To do this you will need:

  • Your Rumble Cloud Tenant ID
  • Your Rumble Cloud Bucket Name
  • An AWS account

Simple setup

Your bucket hosted at Rumble Cloud must be publicly accessible to the AWS CloudFront CDN. You can accomplish this by using a Public Read policy on the Rumble Cloud bucket you want to use with the AWS CloudFront CDN.

AWS CloudFront CDN setup

  1. Set your origin to the public endpoint for the Rumble Cloud bucket (object.us-east-1.rumble.cloud, object,us-east-2.rumble.cloud or object.us-west-1.rumble.cloud)
  2. Set the protocol to HTTPS Only.
  3. Set the Origin Path to /${Rumble Cloud Tenant ID}:${Rumble Cloud Bucket Name}. origin path settings screen

Once the AWS CloudFront Distribution completes deploying, you should be able to access objects in your Rumble Cloud bucket with the AWS CloudFront Distribution URL (e.g. https://RandomString.cloudfront.net/photo.jpg)

Advanced setup

Restricting access

Rumble bucket setup

If you want to restrict public reads of objects so that only the AWS CloudFront CDN has unrestricted read permissions you can add a condition to your policy specifying a specific Referer header (a strong random string like a UUID (i.e. f944aefc-c61e-46d7-bb12-3e9d6d35e924 ) works well here)

Bash
{
   "Version": "2012-10-17",
   "Statement":[
      {
         "Sid": "PublicReadGetObject",
         "Principal": {
            "AWS": ["*"]
         },
         "Effect":"Allow",
         "Action": [
            "s3:GetObject"
         ],
         "Resource": [
            "arn:aws:s3::$tenant:$bucket/*"
         ],
         "Condition": {
           "StringLike": {
             "aws:Referer": "$RandomString"
           }
        }
      }
   ]
}

AWS CloudFront CDN setup:

If you are restricting public reads to the AWS CloudFront CDN you will want to add a header to your origin settings with the header name “Referer” and the value you put in your bucket policy. Combining this with AWS CloudFront signed URLs can provide time limited access to your data through the AWS CloudFront CDN. header

Migrating your object storage to Rumble Cloud

You can use AWS Lambda@edge functions to failover between two origins. Set your Rumble Cloud bucket as the primary origin source for your AWS Cloudfront CDN failover, failing over to over to your secondary origin (legacy) storage hosted elsewhere allowing you to migrate your data to Rumble Cloud object storage without interruption.