Speed up your SyncSketch downloads using AWS CloudFront
Download speed determines how quickly SyncSketch can begin a review session. If you have an AWS account, and eliminating network latencies is mission-critical to your workflow, you can use the AWS CloudFront service to speed up your downloads.
In order for SyncSketch to provide the necessary signed CloudFront URLs, you will need to work with us directly. Here's how to set it up.
Reach out to the SyncSketch team
Let us know that you plan to use CloudFront by emailing us as support@syncsketch.com. One of our team will respond privately via email, and this will be your contact for this procedure.
Enable S3 uploads
You will need to create an S3 bucket as the CloudFront origin for your organization. This is where your uploaded media files will be stored. This procedure is documented in Setting Up Your Own S3 Bucket.
Custom S3 uploads (required for CloudFront) are only available to customers on our Enterprise and Education+ plans.
Create an SSH key pair
CloudFront URLs must be signed. For SyncSketch to provide them to your SyncSketch application, we need to use an SSH key pair. If you have the openssl command-line tool on your system, execute the following commands in the terminal console to create a pair of private and public keys.
openssl genrsa -out private_key.pem 2048
openssl rsa -pubout -in private_key.pem -out public_key.pem
If openssl is unavailable on your system, you can easily generate such a pair using the web site Cryptotools.net. Set the Key Length to 2048 and click Generate key pair.
It is recommended that you save these keys into plain text files on your system with names such as private_key.pem and public_key.pem in your home directory for reference.
Share the private key with us
Share the private key from private_key.pem with your SyncSketch contact. Avoid sharing in clear text via email; instead use an encrypted service such as OneTimeSecret.
Add the public key to CloudFront
- Sign in to AWS Console and open the CloudFront service.
- Expand the action menu at the upper left and choose Public keys from the Key management section.
- Select Create public key.
- Give the key a distinct Name.
- To copy the contents of the public key to the clipboard, you can use the cat command on any terminal:
cat public_key.pem | pbcopy
Paste the public key into the Key field in the CloudFront console.
Create a Key Group containing the new public key
- On the CloudFront console go back to the action menu at the left, and under Key management choose Key groups.
- Click Create key group.
- Give the key group a distinct Name, and make a note of it for a later step.
- Under Public keys, tick the box next to the new public key and click Create key group.
Create the CloudFront Distribution
- On the CloudFront console go back to the action menu at the left, and click Distributions at the top.
- Click Create distribution.
- Find your S3 origin bucket under Origin domain.
- Leave the Origin path field blank.
- Give the distribution a Name (Or leave the default).
- Under Origin access, chooseOrigin access control settings (recommended).
- Click "Create new OAC" button.
- Select Sign requests (recommended) and click Create without editing the other settings.
- Select the new control setting under Origin access control.
- Scroll to the Default cache behavior section and under Restrict viewer access, select Yes. This will reveal the Trusted authorization type setting.
- Set the Trusted authorization type to Trusted key groups (recommended).
- Under Add key groups, tick the box to the left of the key group you created.
- Under the Web Application Firewall (WAF) Select "Enable security protections"
- Scroll to the Settings section and under Price class choose the locations you want included in this distribution, balancing CloudFront plan price and performance.
- Click on Create distribution.
Add a policy to the CloudFront distribution
Now you must add a policy to the distribution that gives CloudFront permission to access the S3 bucket.
- On the CloudFront console go back to the action menu at the left, and click Distributions at the top.
- Wait for your new distribution to finish deploying. Its deployment Status should read Enabled.
- Click on its ID to update its configuration.
- Under Origins, click the radio button to the left of the distribution name.
- Click on Edit and find the Bucket policy settings.
- Click the Copy policy button. This copies the appropriate policy to the clipboard.
- In a new tab or window, go to the AWS S3 console
- Click on your origin S3 bucket.
- Under the Permissions tab, find the Bucket policy section and click Edit.
- Paste the copied policy into the numbered code block and click Save.
Your CloudFront distribution is set up. Once we've added your configuration on our end, your contact will let you know, and you should begin seeing snappier performance as you navigate among items.
Further Reading
To understand more about what you've just set up, please consult This AWS documentation.