How to Configure a CloudFront Distribution for PDA Protected Videos

After setting up a private S3 bucket for your protected videos, you’ll need to set up a CloudFront distribution and then enter its URL and key pairs on the PDA Protected Videos settings page.

It’s highly recommended to protect videos hosted on an Amazon S3 bucket with the HLS format. If you’re using HLS videos, please skip this step.

In this tutorial, we will show you how to set up a CloudFront distribution and get an Access Key ID and RSA key for our PDA Protect Videos extension as quickly as possible.

  1. Log in to the AWS Console
  2. Set up a CloudFront Distribution
  3. Get CloudFront Key Pairs
  4. Create WAF Rules (optional)

Log in to the AWS Console

  • Already have an Amazon Web Services (AWS) account? Sign in here.
  • If you don’t have an AWS account yet, you will need to sign up here.

Set up a CloudFront Distribution

Step 1: Go to your CloudFront console then click on Create Distribution.


Step 2: Choose the Amazon S3 bucket that stores your video content in the Origin Domain field.

Step 3: Configure default cache behavior settings as per our attached screenshot.

Step 4: Select Legacy cache settings. Under the Object caching option, choose Use origin cache headers.

Step 5: Scroll down and click on Create Distribution.

Step 6: Go back to CloudFront Distributions and locate the CloudFront link you have created in the Domain Name column.


Simply copy and paste it into the CloudFront URL field under our plugin’s settings page. It’s important to add your domain protocol, i.e. http:// or https://, before the domain name.

Get CloudFront Key Pairs

Go back to your AWS console and then click on “My Security Credentials”.


In the CloudFront key pairs section, click the Create New Key Pair button.


Click on “Download Private Key File” and you’ll get a .pem file.

The Access Key ID associated with the created RSA key is displayed in the CloudFront key pairs section.

In our plugin’s CloudFront Configuration, fill in your CloudFront key pairs: enter the Access Key ID, and paste the content of the downloaded .pem file as the RSA KEY.

Create WAF Rules (optional)

Step 1: On the WAF console, click Create web ACL.


Step 2: In the first step, set the name and choose the CloudFront distribution to which the rule should apply.


Step 3: Create the condition.

Selected values:

  • Sample Name: only-accept-range-header
  • String match
  • Header
  • range
  • Contains
  • Convert to lowercase
  • bytes

Filter result: Header ‘range’ contains “bytes” after converting to lowercase.

Step 4: Only allow those requests that match the rule.


Step 5: Confirm and create it.
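
What the condition from Step 3 and the allow-only rule from Step 4 decide for a few requests, as an added Python sketch that is not part of the plugin or of AWS WAF. The sample header sets are constructed, and the sketch assumes that requests which do not match the rule are blocked.

```python
# Added illustration: models the string match condition from Step 3 and the
# allow-only-matching decision from Step 4. Not AWS or plugin code.

CONDITION = {
    "name": "only-accept-range-header",
    "header": "range",
    "transform": str.lower,   # "Convert to lowercase"
    "match": "bytes",         # "Contains" is a substring test
}

def matches(headers, condition=CONDITION):
    """Return True when the request headers satisfy the string match condition."""
    # HTTP header names are case-insensitive, so normalise them before lookup.
    normalised = {name.lower(): value for name, value in headers.items()}
    value = normalised.get(condition["header"])
    if value is None:
        return False          # no Range header at all: the condition cannot match
    return condition["match"] in condition["transform"](value)

def decide(headers):
    """Web ACL decision (assumed): allow matching requests, block the rest."""
    return "ALLOW" if matches(headers) else "BLOCK"

# Constructed sample requests (header sets only), not captured traffic.
SAMPLES = [
    ("player range request", {"Range": "bytes=0-1048575"}),
    ("upper-case name and unit", {"RANGE": "BYTES=0-"}),
    ("plain GET, no Range header", {"Accept": "*/*"}),
    ("other range unit", {"Range": "items=0-5"}),
    ("empty Range value", {"Range": ""}),
]

def evaluate(samples=SAMPLES):
    """Return (label, verdict) pairs for the sample requests."""
    return [(label, decide(headers)) for label, headers in samples]

if __name__ == "__main__":
    for label, verdict in evaluate():
        print(f"{verdict:5}  {label}")
```

Because the match type is Contains, the rule checks only that the word bytes appears somewhere in the Range value; it does not validate the range syntax.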

That’s it!

It’s time to move on to the next step: Embed our S3 shortcode into your content

Last updated on March 7, 2022