English (US) 简体中文

Articles in this section

Use a private bucket as an origin

Overview 
Authentication data:
    • Amazon 
    • Gcore 
Configure:
    • in the control panel
    • via the API

Overview

We have introduced a feature that allows the use of a private bucket inside S3-compatible storage (such as Amazon or others) as a CDN resource origin. To grant CDN servers access to content stored in the private bucket, you must specify authentication data (Access Key ID, Secret access key, Hostname, Region). Otherwise, they won’t be able to access the content.

Authentication data

You can access the necessary authentication data in the personal S3 storage account.

Amazon AWS storage

You can find the Access Key ID and Secret access key according to the "AWS Account and Access Keys" guide. 

Gcore S3 storage

You can find the Hostname and Region in the "Details" section under the Storages tab.

image_3407.png

Note: We don’t store the Access Key ID and Secret access key for S3 storage. It is your responsibility to save them after creating the storage.  If you forget them, click Generate new keys under the "Details" section. 

Configure a private bucket as an origin 

Configure a private origin in the control panel

There are two options for configuring a private bucket as an origin:

  1. Create an origin group during the CDN resource creation process;
  2. Add a group in the “Origins groups” tab and specify this group in the CDN resource setting.

The instructions below are relevant to the first option. The process for the second option is slightly different. 

To configure a private origin: 

1. Go to the CDN resource creation page, select "Accelerate and protect only static assets", and click Confirm.

image_1460.png 

A new page will open. Complete the remaining steps of the manual in the "Origin" section on this page.

In the example below, we use the private bucket "test-private" in S3 Gcore storage with the Hostname "s-ed1.cloud.gcore.lu" and configure an origin group as follows:

image_3406__2_.png

2. Select the Specify content origin option.

3. Select AWS signature V4 in the "Type of origin authentication" field.

4. Select the type of S3 storage: Amazon or other.

5. Specify the needed authentication data. It depends on the type of storage selected in the previous step.

  • For Amazon storage: Access Key ID, Secret access key, and AWS region
  • For Other: Hostname, Access Key ID, Secret access key, and Region

More information about where to find the keys can be found in the "Authentication data" section.

6. Enter the Bucket name.

7. Continue the CDN resource creation according to the "Create CDN resource for only static files" guide (steps #3–6).

Note: If you selected Amazon S3 storage in step #4, the configuration is now complete. If you selected Other and specified the Hostname after the CDN resource creation, go to the resource settings and open the Host header option in the "HTTP headers" section. Specify the URL of your storage Hostname (the URL depends on your S3 provider) in the following format: 

  • For Gcore S3 storage:
 s-ed1.cloud.gcore.lu
  • For most other storages:
s3.{region-code}.{storage hostname}

Click Save changes.

image_3409__1_.png

Configure a private origin via the API 

Next, we will explain in detail how to specify Private origin via API calls. 

Method POST
URL https://api.gcore.com/cdn/originGroups
Header Bearer {{access_token}}
application/json
Payload 
{
"name": "YourOriginGroup",
"useNext": true,
"auth_type": "awsSignatureV4",
"auth": {
"s3_type": "amazon",
"s3_access_key_id": "EXAMPLEFODNN7EXAMPLE",
"s3_secret_access_key":
"wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
"s3_bucket_name": "bucket_name",
"s3_region": "us-east-2"
 }
}
Request parameter

For more information, see Gcore’s API documentation 
Response

201 Successful

400 Request for creation origin group is failed

403 Group creation is forbidden

To access the API and make authenticated requests, generate an access token. You can use a REST tool like cURL or Postman to send the requests. For this guide, we used Postman. 

To specify private origin by URL request:

1. In Postman, open a new request tab.

a. Set the request method to POST.

b. Enter the API URL in the request URL field.

image_3410.png

2. Go to the Auth tab.

a. Select Bearer Token from the Type dropdown.

b. Copy the generated access token and paste it into the Token field.

image_3411__1_.png

3. Go to the Body tab.

a. Select raw as the data type.

b. Select JSON from the format dropdown.

c. Enter the payload in the text area. Replace the sample values indicated by {{ }} with your actual values.

4. Click Send.

image_3412__2_.png

Related articles