S3: Permit Only CloudFront Specific Distribution

Feb 14, 2022

S3: Permit Only CloudFront Specific Distribution

Amazon Web Services AWS CloudFront

Kyler MiddletonCloud IAM Advocate at IAM Pulse

Website
Twitter
LinkedIn
GitHub

{{ }} Substitute variables

Adjust the variable values according to your preference.

Policy Code

Referenced from: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html

1{
2  "Version": "2008-10-17",
3  "Id": "PolicyForCloudFrontPrivateContent",
4  "Statement": [
5    {
6      "Sid": "PermitCloudfront",
7      "Effect": "Allow",
8      "Principal": {
9        "AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity {{cloudfront-oai-id}}"
10      },
11      "Action": "s3:GetObject",
12      "Resource": "arn:aws:s3:::{{s3-bucket-name}}/*"
13    }
14  ]
15}

We send out a periodic newsletter full of tips & tricks, contributions from the community, commentary on the industry, relevant social posts, and more.

Checkout past issues for a sampling of the goods.

S3: Permit Only CloudFront Specific Distribution

Get the IAM Pulse Check Newsletter