Intellipaat Back

Explore Courses Blog Tutorials Interview Questions
0 votes
2 views
in AWS by (5.6k points)

Here is my policy

{

        "Version": "2008-10-17",

        "Id": "PolicyForCloudFrontPrivateContent",

        "Statement": [

            {

                "Sid": "Stmt1395852960432",

                "Action": "s3:*",

                "Effect": "Deny",

                "Resource": "arn:aws:s3:::my-bucket/*",

                "Principal": {

                    "AWS": [

                        "*"

                    ]

                }

            },

            {

                "Sid": "1",

                "Effect": "Allow",

                "Principal": {

                    "AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity E1IYJC432545JN"

                },

                "Action": "s3:GetObject",

                "Resource": "arn:aws:s3:::my-bucket/*"

            }

        ]

    }

but, this denies requests from all the requestors, even Cloudfront. What could be the correct way to do this?

1 Answer

0 votes
by (12.4k points)

So when you add origin in Cloudfront you get an option to "Restrict bucket access" just click "Yes" and move ahead, the rest of the configuration will be done by Cloudfront automatically.

S3 policy would be 

{

"Version": "2008-10-17",

"Id": "PolicyForCloudFrontPrivateContent",

"Statement": [

    {

        "Sid": "1",

        "Effect": "Allow",

        "Principal": {

            "AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity XXXXXXXXXXX"

        },

        "Action": "s3:GetObject",

        "Resource": "arn:aws:s3:::YYYYYYYYYYYYY.com/*"

    }

 ]

Want to learn more about AWS? Come & join: AWS Certification

Related questions

Want to get 50% Hike on your Salary?

Learn how we helped 50,000+ professionals like you !

0 votes
1 answer

31k questions

32.8k answers

501 comments

693 users

Browse Categories

...