How can I use CloudFront to limit access to an Amazon S3 bucket?
Amazon CloudFront is an Amazon Web Services content delivery network. Content delivery networks (CDNs) are a worldwide distributed network of proxy servers that cache content, such as online videos or other large files, closer to customers, boosting download speeds.
Before you set up the restriction, make sure the CloudFront distribution’s S3 origin is set up as a REST API endpoint (VELAN-.s3.amazonaws.com).The following approach does not apply to S3 origins set up as website endpoints (VELAN-.s3-website-us-east-1.amazonaws.com).
Making a CloudFront ORIGIN ACCESS IDENTITY and putting it in the Distribution
Let’s have a look at how to build a CloudFront origin access identity and distribute it:
Choose Use an Existing Identity if an ORIGIN ACCESS IDENTITY already exists. Then, under the Identities list, select the ORIGIN ACCESS IDENTITY.
Choose Create a New Identity to create an ORIGIN ACCESS IDENTITY. Then, in the Comment section, replace the bucket name with a custom description.
Note: This step alters the S3 origin’s bucket policy to allow ORIGIN ACCESS IDENTITY
access to s3:
Examine your bucket policy.
“AWS”: “arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity EAF5XXXXXXXXX”
When we choose Yes, Update Bucket Policy as part of the ORIGIN ACCESS IDENTITY setup, CloudFront adds this statement to our bucket policy.
At Velan, our server support engineers can helpto setup the restriction to access S3 buckets through cloudfront. If you are interested in our service, please fill the Quick connect form to get in touch with us.