Why Not Use Google Cloud CDN?
Firstly, Google Cloud CDN requires a Google Cloud Load Balancer configured in front of your storage bucket or backend service. While powerful, this adds an extra service layer that incurs additional costs, typically starting at $20 to $30 per month, depending on your traffic and configuration.
In contrast, AWS CloudFront provides a free tier with 1 TB of data transfer out and 10 million HTTP/HTTPS requests per month indefinitely, which can significantly reduce costs for low to moderate traffic.
Given the complexity and cost structure of Google Cloud CDN — including the mandatory Load Balancer — many users choose AWS CloudFront or alternative CDNs for a simpler, more cost-effective solution, especially when pairing with Google Cloud Storage.
AWS CloudFront Free Tier
As of 2025, AWS CloudFront offers these free tier monthly limits:
- 1 TB (terabyte) data transfer out to the internet.
- 10 million HTTP or HTTPS requests.
- 2 million CloudFront Function invocations.
This free tier is available indefinitely to all AWS users, allowing substantial global content delivery at no charge if you stay within the limits.
Extra Bonus: Hiding Your Google Cloud Storage Bucket Name
Direct access URLs to Google Cloud Storage buckets exposing bucket names (e.g., https://storage.googleapis.com/my-bucket-name/...) may reveal information you want to keep private, with the below setup, we will hide the bucket name from the url as an extra bonus.
Step-by-Step: How to Set Up AWS CloudFront with Google Cloud Storage
Step 1: Log in to AWS Console
- Visit AWS Console and sign in.
- Open CloudFront from the Services menu.
Step 2: Prepare Your Google Cloud Storage Bucket
- Make your Google Cloud Storage bucket publicly accessible.
- Copy the bucket URL, for example:
storage.googleapis.com/BUCKET_NAME
Step 3: Create a CloudFront Distribution
- In CloudFront, click Create Distribution.
- Choose Web as your delivery method.
- Under Origin Domain Name, enter your bucket’s public URL.
- Adjust settings as needed:
- Viewer Protocol Policy: Redirect HTTP to HTTPS.
- Cache Policies: Use default or customize.
Step 4: Wait for Deployment of the Distribution
- Click Create distribution.
- Wait until status changes from In Progress to Deployed (this may take 10–20 minutes).
Step 5: Fix the “NoSuchBucket” Error with Lambda@Edge
Your CloudFront distribution will initially return a “NoSuchBucket” error because the Host header doesn’t match Google's expectations. To fix this, create a Lambda@Edge function to modify the Host header to storage.googleapis.com.
- Go to AWS Lambda and create a new function called ModifyGoogleStorageHost, using this code:
export const handler = (event, context, callback) => {
const request = event.Records[0].cf.request;
// Change the Host header to your desired origin domain
request.headers['host'] = [{ key: 'Host', value: 'storage.googleapis.com' }];
callback(null, request);
};-
Publish a new version of the function:
- Click Actions > Publish new version.
- Copy the versioned ARN (function ARN that includes the version number).
-
Attach the Lambda@Edge function to your CloudFront distribution:
- In CloudFront, go to the Behaviors tab.
- Edit your default behavior.
- Scroll to Function Associations.
- Select Origin Request and paste the Lambda function ARN.
- Save changes.
Step 6: Update IAM Role Trust Policy
- In AWS IAM, locate the role linked with your Lambda function.
- Edit the Trust relationships and update the Service key to this:
[
"lambda.amazonaws.com",
"edgelambda.amazonaws.com"
]Example:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": [
"lambda.amazonaws.com",
"edgelambda.amazonaws.com"
]
},
"Action": "sts:AssumeRole"
}
]
}- Save the updated trust policy.
Final Step: Wait for CloudFront Deployment
Allow CloudFront sufficient time to deploy these changes globally. After deployment, requests routed through your CloudFront distribution will correctly modify headers, and your Google Cloud Storage content will be delivered smoothly via AWS CloudFront CDN.