Creating a CloudFront Role in AWS
You can add your CloudFront CDN to IO River and use it with your services. To do this, you need an AWS role that allows IO River to manage your CloudFront distributions.
The role should have the necessary permissions to manage your CloudFront distribution in your AWS account.
Role Creation
As part of the role creation, you'll need to generate a UUID to use as an External ID. You can easily create the role using one of the following methods:
- Using CloudFormation: Use this quick-create link to create the role.
- Using Terraform: Use this Terraform code to create the role.
Once you have created the role, obtain the following information:
- RoleArn: The ARN (Amazon Resource Name) of the created role.
- External ID: The UUID you generated and used when creating the role.
Add the RoleArn and External ID when configuring your CloudFront CDN here.
Notes:
- The policy within the role grants IO River access only to resources tagged with “ioriver”.
- If the role lacks the necessary permissions, adding CloudFront to your CDN providers will fail.
Managing Existing Distributions
The created role restricts access to resources tagged with "ioriver". Resources created by the IO River platform are automatically tagged with the "ioriver" Owner tag.
To work with existing CloudFront distributions, you'll need to manually add the "ioriver" tag to them.
To add the "ioriver" tag to existing distributions:
- Log in to your AWS account and navigate to the CloudFront page.
- Select the distribution you want IO River to access.
- Go to the Tags tab and click Manage tags.
- Click Add new tag.
- Under Key, type Owner, and under Value, type ioriver.
- Click Save changes.