Introducing Private S3 Bucket as an Origin

Introducing Private S3 Bucket as an Origin

S3 storage is a popular asset source for websites, mobile apps, and other web services. We’re happy to announce our new feature that allows you to connect your S3 bucket with non-public access as an origin to Gcore CDN with ease.

Previously, this option was available only on demand, and required sending a request to the technical support team. Today, connecting a private S3 bucket as an origin is available to everyone, and can be accessed from either the control panel UI or API.

Public and Private S3 Storage

S3 storage is the most popular and convenient solution to store and share static files on the internet. It is fast, simple, and truly scalable. S3 storage is much cheaper than web hosting storage and provides more flexibility when scaling the app.

All uploaded to S3 storage files are organized in buckets with public or private read permissions. If you choose public permission, all the files in the bucket will be available to anyone on the internet without authentication.

Private S3 buckets, on the other hand, allow reading files only for authenticated clients. The authentication process is powered by the AWS Signature V4 algorithm, so you won’t be able to retrieve the assets if you don’t have the access keys (access key ID, secret access key).

Learn more about AWS Signature V4: https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.html

Private Bucket as an Origin

Using a private S3 bucket as an origin for CDN allows you to deliver your web assets to all website or app users, but keep them secure from direct bucket access. All stored files will be hidden behind the CDN’s edge servers and remain inaccessible without authentication.

Figure 1. Private S3 storage as an origin for CDN

How to Connect

This feature is available when you choose “Accelerate and protect static assets only” as an acceleration type for your CDN resource.

To create an origin for your private S3 storage, simply go to the “Add origins group” and select AWS Signature V4 as a type of origin authentication. In this case, only one origin is available within the origins group.

You can choose Amazon S3 storage, in which case the hostname will be pre-filled, or pick Other if you’re using another S3 storage.

The control panel UI showing options and fields for setting up S3 storage
Figure 2. How to set up a private S3 storage for Gcore CDN via the control panel UI

If you prefer to manage the infrastructure via API, run the following request:

{
  "name": "YourOriginGroup",
  "useNext": true,
  "auth_type": "awsSignatureV4",
  "auth": {
    "s3_type": "amazon",
    "s3_access_key_id": "EXAMPLEFODNN7EXAMPLE",
    "s3_secret_access_key": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
    "s3_bucket_name": "bucket_name",
    "s3_region": "us-east-2"
  }
}

Check out our documentation to learn more about how to manage origins groups via API: https://api.gcore.com/docs/cdn#tag/Origins/operation/create_origin_group.

If you want to proxy other files of your application or website via Gcore CDN, you will need to create one more CDN resource.

Learn more on how to set up private S3 storage as an origin: https://gcore.com/docs/cdn/cdn-resource-options/general/use-a-private-bucket-as-an-origin/

Adding a private S3 storage as an origin for CDN service is a great opportunity for our users to make their operations more flexible while meeting their security and privacy requirements.

Introducing Private S3 Bucket as an Origin

Subscribe
to our newsletter

Get the latest industry trends, exclusive insights, and Gcore
updates delivered straight to your inbox.