You can use CloudFront to assign a default root object for your distribution. A default root object is an object that CloudFront returns when a user's request points to your distribution's root URL instead of a specific object in your distribution. Defining a default root object avoids exposing the contents of your distribution.
For example, a request that points to a specific object in your distribution might look like this:
http://d604721fxaaqy9.cloudfront.net/image.jpg
This request returns the object image.jpg.
A request that points to the root URL of your distribution without pointing to a specific object might look like this:
http://d604721fxaaqy9.cloudfront.net/
When you define a default root object, a user request that calls the root of your distribution returns the default root object. For example, if you designate the file index.html as your default root object, a request for:
http://d604721fxaaqy9.cloudfront.net/
returns:
http://d604721fxaaqy9.cloudfront.net/index.html
If you define a default root object, a user request that calls a subdirectory of your distribution does not return the default root object. For example, suppose index.html is your default root object and a user request calls the install directory under your CloudFront distribution:
http://d604721fxaaqy9.cloudfront.net/install/
CloudFront will not return the default root object even if a copy of index.html appears in the install directory.
The behavior of CloudFront default root objects is different from the behavior of Amazon S3 index documents. When you configure an Amazon S3 bucket as a website and specify the index document, Amazon S3 returns the index document even if a user requests a subdirectory in the bucket. (A copy of the index document must appear in every subdirectory.) For more information about configuring Amazon S3 buckets as websites and about index documents, see the Hosting Websites on Amazon S3 chapter in the Amazon Simple Storage Service Developer Guide.
Important: Remember that a default root object applies only to your CloudFront distribution. You still need to manage security for your origin. For example, if you are using an Amazon S3 origin, you still need to set your Amazon S3 bucket ACLs appropriately to ensure the level of access you want on your bucket.
If you don't define a default root object, requests that point to the root of your distribution pass to your origin server. If you are using an Amazon S3 origin, any of the following might be returned:
A list of the contents of your Amazon S3 bucket—Under any of the following conditions, the contents of your origin are visible to anyone who uses CloudFront to access your distribution: Your bucket is not properly configured; the Amazon S3 ACLs on the distribution bucket and on the objects in the bucket grant access to everyone; access to your origin is made through your origin root URL.
A list of the private contents of your origin—If you configure your origin as a private distribution (only you and CloudFront have access), the contents of the origin are visible to anyone who has the credentials to access your distribution through CloudFront. In this case, users are not able to access your content through your origin root URL. For more information about distributing private content, see Using a Signed URL to Serve Private Content.
Error 403 Forbidden—CloudFront returns this error if you configured your origin and object ACLs so that the contents of your origin are not accessible by CloudFront (or by everyone).
To avoid exposing the contents of your distribution or returning an error, you can define a default root object for your distribution.
To define a default root object for your distribution
Upload the default root object to the origin your distribution points to.
The file can be any type supported by CloudFront. For a description of file name constraints, see the description of the DefaultRootObject element in DistributionConfig Complex Type.
Note: If the default root object file name is too big or contains an invalid character, CloudFront returns the error
Make sure that the ACLs for the object are set to enable read access for CloudFront (at least).
For more information about editing your bucket and object ACLs, refer to the Amazon S3 Console User Guide or Developer Guide.
Next, you need to update your distribution to refer to the default root object. You can use the AWS Management Console to update your distribution, or you can use the CloudFront API.
To update your configuration using the AWS Management Console:
Sign in to the AWS Management Console and open the Amazon CloudFront console at https://console.aws.amazon.com/cloudfront/.
Select the distribution to update.
Click Edit.

For Default Root Object, enter the default root object to associate with the distribution. For example, index.html.

To save your changes, click Yes, Edit.
To update your configuration using the CloudFront API:
Update your configuration to include the DefaultRootObject element.
The following example shows a CloudFront distribution configuration with the DefaultRootObject element, and with index.html designated as the default root object.
<DistributionConfig xmlns="http://cloudfront.amazonaws.com/doc/2010-11-01/">
  <S3Origin>
    <DNSName>mybucket.s3.amazonaws.com</DNSName>
  </S3Origin>
  <CallerReference>20091130090000</CallerReference>
  <Comment>My comments</Comment>
  <Enabled>true</Enabled>
  <DefaultRootObject>index.html</DefaultRootObject>
  <Logging>
    <Bucket>mylogs.s3.amazonaws.com</Bucket>
    <Prefix>myprefix/</Prefix>
  </Logging>
</DistributionConfig>

For more information about updating your distribution, see Updating a Distribution's Configuration. For more information about the DefaultRootObject element, go to DistributionConfig Complex Type.
Test that you have enabled the default root object by requesting your root URL.
If you don't see your default root object, ensure that your distribution is fully deployed by viewing the status of your distribution in the Amazon CloudFront console. Also, repeat steps 2 and 3, making sure that you carefully follow the process for updating your distribution.
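The root-versus-subdirectory behavior described on this page, as an added example that is not part of the AWS documentation: it parses a DistributionConfig document, reports a missing DefaultRootObject, and models which requests reach the origin unchanged. The sample configurations and the function names are constructed for illustration; the namespace and element names are the ones shown in the example above.

```python
import xml.etree.ElementTree as ET

# Namespace taken from the DistributionConfig example on this page.
NS = {"cf": "http://cloudfront.amazonaws.com/doc/2010-11-01/"}

# Constructed sample configs, one with and one without a DefaultRootObject.
WITH_DRO = """<DistributionConfig xmlns="http://cloudfront.amazonaws.com/doc/2010-11-01/">
  <S3Origin><DNSName>mybucket.s3.amazonaws.com</DNSName></S3Origin>
  <CallerReference>20091130090000</CallerReference>
  <Enabled>true</Enabled>
  <DefaultRootObject>index.html</DefaultRootObject>
</DistributionConfig>"""
WITHOUT_DRO = WITH_DRO.replace(
    "  <DefaultRootObject>index.html</DefaultRootObject>\n", "")


def default_root_object(config_xml):
    """Return the configured default root object, or None if absent or empty."""
    element = ET.fromstring(config_xml).find("cf:DefaultRootObject", NS)
    value = (element.text or "").strip() if element is not None else ""
    return value or None


def resolve(path, root_object):
    """Model the path served for a request, following the rules on this page."""
    if path == "/" and root_object:
        return "/" + root_object   # root URL is answered with the default root object
    return path                    # everything else, subdirectories included, is unchanged


def audit(config_xml, probe_paths=("/", "/install/", "/image.jpg")):
    """Report the root object, per-path resolution, and any exposure finding."""
    root_object = default_root_object(config_xml)
    findings = []
    if root_object is None:
        findings.append("no DefaultRootObject: requests for / pass to the origin")
    resolved = {p: resolve(p, root_object) for p in probe_paths}
    # A directory-style path that still ends in "/" reaches the origin as-is.
    passthrough = [p for p, r in resolved.items() if r.endswith("/")]
    return {"root_object": root_object, "resolved": resolved,
            "passthrough": passthrough, "findings": findings}


if __name__ == "__main__":
    for name, cfg in (("with", WITH_DRO), ("without", WITHOUT_DRO)):
        print(name, audit(cfg))
```

Paths listed under passthrough are the ones whose response depends entirely on the origin's own access settings, so those are the requests to review against the bucket and object ACLs.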