Reputation: 552
Block public access on S3, accessible from Cloudfront?
I just received an email informing that my S3 buckets are publicly accessible, which is fine because I am hosting files there.
At the same time, I have Cloudfront serving the files stored in S3.
Thinking of a more secure configuration, a doubt arose: if I disable public access in S3, will the files still be served properly by Cloudfront?
Thanks for your time in advance!
Upvotes: 6
Views: 6943
Answers (2)
Reputation: 5239
At creation time, you would tick the "Block Public Access" checkbox.
Then you will configure Origin Access Identity through CloudFront.
Upvotes: 1
Reputation: 3203
If your files are in an S3 bucket that is not configured as Website Endpoint then you should just make the S3 bucket private and let CloudFront serve the requests.
For this, you would want to setup Origin Access Identity. This allows you to keep your bucket private and only allow access through CloudFront.
Documentation: Restricting Access to Amazon S3 Content by Using an Origin Access Identity
Upvotes: 10
Related Questions
- How to configure amazon cloudfront to block some S3 bucket files access?
- Creating an S3 bucket policy that allows access to Cloudfront but restricts access to anyone else
- Restrict Amazon S3 to CloudFront and http referrer
- Allow CloudFront to access S3 origin while also having S3 bucket Block all public access?
- How to make a public bucket only accessible from cloudfront without OAI?
- AWS Restrict access from cloudfront to load balancer
- Restrict access to AWS Cloudfront hosted content
- Restrict S3 object access using CloudFront
- Protect Private Data in Amazon S3
- How to allow CloudFront to access certain S3?