An S3 Bucket policy that denies any requests to read objects in an S3 bucket that don't come from a specific Cloudfront distribution. You must specify the canonical user ID for your CloudFront distribution's origin access identity.

 
Tags
API and CLI Access
Console Access
Missing Parameters
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Principal": [
                {
                    "CanonicalUser": ""
                }
            ],
            "Action": [
                "s3:GetObject"
            ],
            "Resource": [
                "arn:aws:s3:::/*"
            ],
            "Effect": "Allow",
            "Condition": ""
        },
        {
            "NotPrincipal": [
                {
                    "CanonicalUser": ""
                }
            ],
            "Action": [
                "s3:GetObject"
            ],
            "Resource": [
                "arn:aws:s3:::/*"
            ],
            "Effect": "Deny",
            "Condition": ""
        }
    ]
}
Customize Policy
* Required field