Restricting Access to Amazon S3 Content by Using an Origin Access Identity

Originally published at: https://sweetops.com/sub/restricting-access-to-amazon-s3-content-by-using-an-origin-access-identity/

If you’re using an Amazon S3 bucket as the origin for a CloudFront distribution, you can either allow everyone to have access to the files there or restrict access by creating and using an origin access identity. If you limit access by using, for example, CloudFront-signed URLs or signed cookies, you also won’t want people to be able to view files by simply using the direct URL for the file. Instead, you want them to only access the files by using the CloudFront URL, so your protections work.