We have introduced a feature that allows the use of a private bucket inside S3-compatible storage (such as Amazon or others) as a CDN resource origin. To grant CDN servers access to content stored in the private bucket, you must specify authentication data (Access Key ID, Secret access key, Hostname, Region). Otherwise, they won’t be able to access the content.
You can access the necessary authentication data in the personal S3 storage account.
You can find the Access Key ID and Secret access key according to the "AWS Account and Access Keys" guide.
You can find the Hostname and Region in the "Details" section under the Storages tab.
Note: We don’t store the Access Key ID and Secret access key for S3 storage. It is your responsibility to save them after creating the storage. If you forget them, click Generate new keys under the "Details" section.
There are two options for configuring a private bucket as an origin:
The instructions below are relevant to the first option. The process for the second option is slightly different.
To configure a private origin:
1. Go to the CDN resource creation page, select "Accelerate and protect only static assets", and click Confirm.
A new page will open. Complete the remaining steps of the manual in the "Origin" section on this page.
In the example below, we use the private bucket test-private
in S3 Gcore storage with the Hostname s-ed1.cloud.gcore.lu
and configure an origin group as follows:
2. Select the Specify content origin option.
3. Select AWS signature V4 in the "Type of origin authentication" field.
4. Select the type of S3 storage: Amazon or Other.
5. Specify the needed authentication data. It depends on the type of storage selected in the previous step.
More information about where to find the keys can be found in the "Authentication data" section.
6. Enter the Bucket name.
7. Continue the CDN resource creation according to the "Create CDN resource for only static files" guide (steps #3–6).
Note: If you selected Amazon S3 storage in step #4, the configuration is now complete. If you selected Other and specified the Hostname after the CDN resource creation, go to the resource settings and open the Host header option in the "HTTP headers" section. Specify the URL of your storage Hostname (the URL depends on your S3 provider) in the following format:
{bucket-name}.s-ed1.cloud.gcore.lu
{bucket-name}.s3.{region-code}.{storage-hostname}
Note: The bucket in the "Host header" is very important to specify for the security of the storage data outside the bucket.
Click Save changes.
Next, we will explain in detail how to specify Private origin via API calls.
Method | POST |
Header | Bearer {{access_token}} application/json |
Payload |
{ "name": "YourOriginGroup", "useNext": true, "auth_type": "awsSignatureV4", "auth": { "s3_type": "amazon", "s3_access_key_id": "EXAMPLEFODNN7EXAMPLE", "s3_secret_access_key": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY", "s3_bucket_name": "bucket_name", "s3_region": "us-east-2" } } |
Request parameter | For more information, see Gcore’s API documentation |
Response |
201 Successful 400 Request for creation origin group is failed 403 Group creation is forbidden |
To access the API and make authenticated requests, generate an access token. You can use a REST tool like cURL or Postman to send the requests. For this guide, we used Postman.
To specify private origin by URL request:
1. In Postman, open a new request tab.
a. Set the request method to POST.
b. Enter the API URL in the request URL field.
2. Go to the Auth tab.
a. Select Bearer Token from the "Type dropdown".
b. Copy the generated access token and paste it into the "Token" field.
3. Go to the Body tab.
a. Select raw as the data type.
b. Select JSON from the format dropdown.
c. Enter the payload in the text area. Replace the sample values indicated by {{ }}
with your actual values.
4. Click Send.
Was this article helpful?
Learn more about our next-gen CDN