Reputation: 145
On Amazon S3, you can restrict access to buckets by domain.
But as far as I understand from a helpful StackOverflow user, you cannot do this on CloudFront. But why? If I am correct, CloudFront only allows time-based restrictions or IP restrictions (so I need to know the IPs of random visitors?). Or am I missing something?
Here is a quote from S3 documentation that suggests that per-domain restriction is possible:
"To allow read access to these objects from your website, you can add a bucket policy that allows s3:GetObject permission with a condition, using the aws:referer key, that the get request must originate from specific webpages."
Is there a way to make this method work on CloudFront as well? Or why is something like this not available on CloudFront?
Is there a similar service where this is possible and easier to set up?
Upvotes: 3
Views: 8397
Reputation: 36073
Using CloudFront along with WAF (Web Application Firewall), you can restrict requests based on IP address, referrers, or domains.
Here is an AWS blog tutorial on restricting "hotlinking".
In this example, it prohibits requests where the Referrer: header does not match a specific domain.
Upvotes: 10
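The referer rule described in the answer above, as an added example that is not part of the original thread or the AWS tutorial: it builds a rule in the AWS WAFv2 rule JSON shape and models its decision locally on constructed requests. The site origin `https://www.example.com/`, the rule name and the helper `would_block` are assumptions made for illustration.

```python
import json

ALLOWED_PREFIX = "https://www.example.com/"  # assumed site origin; trailing slash is deliberate

def referer_block_rule(prefix: str) -> dict:
    """WAFv2-style rule: block any request whose Referer does not start with prefix."""
    name = "block-foreign-referer"  # hypothetical rule name
    return {
        "Name": name,
        "Priority": 0,
        "Statement": {"NotStatement": {"Statement": {"ByteMatchStatement": {
            "SearchString": prefix.lower(),
            "FieldToMatch": {"SingleHeader": {"Name": "referer"}},
            "TextTransformations": [{"Priority": 0, "Type": "LOWERCASE"}],
            "PositionalConstraint": "STARTS_WITH",
        }}}},
        "Action": {"Block": {}},
        "VisibilityConfig": {"SampledRequestsEnabled": True,
                             "CloudWatchMetricsEnabled": True,
                             "MetricName": name},
    }

def would_block(rule: dict, headers: dict) -> bool:
    """Local model of the rule above (not AWS code): True if the request is blocked."""
    match = rule["Statement"]["NotStatement"]["Statement"]["ByteMatchStatement"]
    wanted = match["FieldToMatch"]["SingleHeader"]["Name"]
    # Header names are case-insensitive; an absent header is treated as an empty value.
    value = next((v for k, v in headers.items() if k.lower() == wanted), "")
    return not value.lower().startswith(match["SearchString"])

RULE = referer_block_rule(ALLOWED_PREFIX)

# Constructed sample requests, keyed by what each one illustrates.
SAMPLES = {
    "own page": {"Referer": "https://www.example.com/gallery.html"},
    "mixed case": {"referer": "HTTPS://WWW.EXAMPLE.COM/a"},
    "other site": {"Referer": "https://other-site.test/page"},
    "no referer": {},  # direct visits and referrer-stripping clients are blocked too
    "lookalike host": {"Referer": "https://www.example.com.other-site.test/"},
}

def decisions(rule: dict) -> dict:
    """Map each sample label to True (blocked) or False (allowed)."""
    return {label: would_block(rule, hdrs) for label, hdrs in SAMPLES.items()}

if __name__ == "__main__":
    print(json.dumps(RULE, indent=2))
    for label, blocked in decisions(RULE).items():
        print(f"{label:15} -> {'BLOCK' if blocked else 'allow'}")
```

Dropping the trailing slash from the prefix lets the lookalike host through, which is why the prefix ends at the path separator. The Referer header is set by the client, so this rule limits casual hotlinking and is not an access control for private content.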