To further optimize direct cloud storage downloads, Artifactory lets you specify CloudFront settings which will determine in which locations your artifacts will physically reside which means downloads from your S3 bucket will be via a rapid CDN.
To use CloudFront with direct cloud storage downloads, follow the steps below:
Create a CloudFront distribution as described in Getting Started with CloudFront in the AWS documentation.
Generate a key pair as described in Creating CloudFront Key Pairs for Your Trusted Signers in the AWS documentation.
In the AWS console, under CloudFront | Behaviors, set a pattern on the distribution with
Forward Query Strings = yes.
This allows files to be downloaded using the actual filename as opposed to their SHA1 value.Match up your distribution with your S3 bucket.
Note
Make sure that the distribution points to the same S3 bucket configured in your S3 Binary Provider in your
$JFROG_HOME/artifactory/var/etc/artifactory/binarystore.xml
file.In your
binarystore.xml
file, for s3-storage-v3 setenableSignedUrlRedirect
to true.Set the following CloudFront parameters in the Amazon S3 Official SDK Template of your
binarystore.xml
file:Parameter
Description
cloudFrontDomainName
The unique domain provided by AWS
cloudFrontKeyPairId
The unique identifier of the key pair you created in step 2 above
cloudFrontPrivateKey
The private key you created in step 2 above, in the following format:
----BEGIN RSA PRIVATE KEY----
........
-----END RSA PRIVATE KEY-----
The following snippet shows an example of how these parameters may look in your
binarystore.xml
file:<useSignature>true</useSignature> <cloudFrontDomainName>d2n9783dfm6kdoq.cloudfront.net</cloudFrontDomainName> <cloudFrontKeyPairId>APKPDIVCZ4OS2GY6VMGS</cloudFrontKeyPairId> <cloudFrontPrivateKey>-----BEGIN RSA PRIVATE KEY----- MIIEowIBAAKCAQEAmVbCi33YzIyQMGJkNJN7NbRAEzZIxHv43nmq0b+tDM2CKX+f ........................... ........................... -----END RSA PRIVATE KEY----- </cloudFrontPrivateKey>