BrightBot.co.uk
GitHubLinkedIn ProfileRSS Feed
Setting Up Ghost with S3 Storage Using ghost-storage-adapter-s3: Part 2

Setting Up Ghost with S3 Storage Using ghost-storage-adapter-s3: Part 2

AWS, Infrastructure, Home Lab

If you haven't read Part 1 of this series it can be found here Setting Up Ghost with S3 Storage Using ghost-storage-adapter-s3: Part 1

Amazon CloudFront is a powerful CDN for speeding up content delivery. By default, when you create a distribution, AWS gives you a long, autogenerated domain like:

d1234abcdef.cloudfront.net

That works fine, but it’s not user-friendly. For production, you’ll usually want to use your own domain — for example, content.yoursite.com — so your assets are delivered under your brand.

In this post, I’ll walk through setting up a CloudFront distribution with a custom domain alias (CNAME).

Prerequisites

  • An AWS account with CloudFront enabled. (This is covered in Part 1)
  • A domain you own (registered with Route 53 or another DNS provider).
  • An SSL/TLS certificate in AWS Certificate Manager (ACM) for your domain.

Just like the Previous post, example AWS CloudFormation templates are available on my GitHub and can be found here and navigate to the ghost-storage-adapter-s3 directory or using the individual links linked below. Or you can follow the steps to create it manually.

GitHub - atownsend247/brightbot-source-files: Provides git access to scripts and templates for associated BrightBot blog posts
Provides git access to scripts and templates for associated BrightBot blog posts - atownsend247/brightbot-source-files
GitHubatownsend247

Step 1: Request an SSL/TLS Certificate

To use a custom domain with CloudFront, you need an SSL certificate.

  1. Request a public certificate for your custom domain (e.g., content.yoursite.com).
  2. Validate the certificate using DNS or email (DNS is recommended).

Go to AWS Certificate Manager in the us-east-1 (N. Virginia) region.

Important: CloudFront only uses certificates in us-east-1, even if your distribution is elsewhere.

Once validated, your certificate will show as Issued.

Step 2: Create or Edit a CloudFront Distribution

  1. Go to CloudFront > Distributions and click Create Distribution (or edit an existing one).
  2. Under Settings → Alternate Domain Names (CNAMEs), enter your custom domain:
content.yoursite.com
  1. Under Custom SSL Certificate, select the certificate you created in ACM.
  2. Configure the rest of your distribution (origin, caching, behaviors) as usual.
  3. Save and deploy the distribution.

Step 3: Update Your DNS

Now you need to point your custom domain to the CloudFront distribution.

  1. Go to your DNS provider (Route 53 or elsewhere).
  2. Create a CNAME record for your custom domain:
content.yoursite.com → d1234abcdef.cloudfront.net
  1. Save the record.

DNS changes may take some time to propagate.

Step 4: Test the Setup

Once DNS propagation is complete:

  • Visit https://content.yoursite.com in your browser.
  • You should see content served from CloudFront.
  • Check the SSL certificate — it should show your custom domain.

Step 5: Update configuration of Ghost to Use the Adapter

In your Ghost config file (config.production.json), update the storage block assetHost property:

{
  ...,
  "storage": {
    "active": "s3",
    "s3": {
      ...
      "assetHost": "https://content.yoursite.com",
      ...
    }
  }
}

Save the config file and restart your Ghost instance to apply changes:

ghost restart

From now on, uploaded images and media will go directly to your S3 bucket instead of local disk.

Tips & Best Practices

  • Use Route 53 with Alias Records: If your custom domain is a root domain (example.com instead of cdn.example.com), use an Alias record in Route 53 instead of CNAME.
  • Leverage a CDN subdomain: Keeping CDN assets on cdn.yoursite.com helps separate them from your main domain.
  • Enable logging: CloudFront can log requests to S3 for debugging and analytics.
  • Cache policies: Fine-tune cache behavior to balance performance and freshness.

Conclusion

Setting up a CloudFront distribution with a custom domain alias gives you:

  • A cleaner, branded URL for your assets.
  • SSL/TLS encryption with your own domain certificate.
  • The speed and scalability of AWS CloudFront.

Once configured, your site looks more professional and benefits from faster, more secure content delivery.

This tutorial has talked you through fully configuring Ghost to use an external storage adapter utilising Amazon S3, Amazon CloudFront, Amazon ACM Certificate.