Try JFrog
Guides
Contact SupportTry JFrog
Start typing to search…
  1. Platform Administration
  2. General

JFrog SaaS with Amazon CloudFront CDN

πŸ“˜

Subscription Information

This feature is supported on the Cloud (SaaS) platform, with an Enterprise X or Enterprise+ license.


The JFrog SaaS with Amazon's CloudFront CDN solution allows Enterprise users to manage, control and distribute high volumes of software distribution across multiple locations.

The main advantages of using Artifactory with CDN are:

  • Integrated advanced CDN solution without having to deal with the complexity of setting up a separate external CDN Caching system.

  • Powerful fine-grained permissions model and authentication capabilities, as well as allow access to content via signed URLs.

  • Full control of which content is accessible via CDN as the CDN can be enabled at the repository level and can be managed using the UI or via the REST API.

  • Apply country and IP filtering.

Supported Cloud Vendors and Regions

CDN is supported on AWS only, including AWS marketplace customers. All AWS regions are supported except for North California and China.

CDN functionality is integrated into JFrog Cloud and is available for the following subscription types.

Subscription/FeatureEnterprise XEnterprise +
CDN for Public Content
CNAME with own SSL
CDN CNAME/ SSL, Signed URL
IP Allow List
CDN for authenticated users

Download Artifacts from Artifactory with CDN

The following workflow occurs when users download artifacts from Artifactory with CDN:

  1. The user submits a download artifact request to Artifactory.

  2. Artifactory sends back a redirected CDN URL to the user.

  3. A redirected download request is automatically routed by the user to the nearest CDN.

  4. The requested artifact is downloaded to the user.



Allow CDN Redirect in JFrog Cloud

Some JFrog customers limit clients' egress traffic with a domain-based allowlist. When CDN redirect is enabled, calls to cloudfront.net are blocked unless explicitly allowed. It is technically possible to add the entire cloudfront.net domain to the Allow List, but this solution is permissive and insecure.

To support these scenarios, you can add CloudFront redirectΒ URLs to the JFrog Cloud Allowlist. Identify your CloudFront CDN endpoint, and add that domain to the Allowlist.

In addition, customers who already use a CNAME on top of their JFrog service want to extend the coverage of their CNAME to the CDN. To extend your custom CNAME to point to the CloudFront domain contact JFrog Support. You must provide an SSL certificate in PEM format, including chain, certificate, and a 2048-bit key.





Updated about 2 months ago