You must be logged in to view saved presets
Restrict S3 bucket read access to a Cloudfront origin.
An S3 Bucket policy that denies any requests to read objects in an S3 bucket that don't come from a specific Cloudfront distribution. You must specify the canonical user ID for your CloudFront distribution's origin access identity.
Missing Parameters
{
"Version": "2012-10-17",
"Statement": [
{
"Principal": {
"AWS": [
"arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity "
]
},
"Action": [
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::/*"
],
"Effect": "Allow",
"Condition": ""
},
{
"NotPrincipal": {
"AWS": [
"arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity "
]
},
"Action": [
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::/*"
],
"Effect": "Deny",
"Condition": ""
}
]
}Actions
Customize Template
* Required field
© 2025 asecurecloud. All rights reserved.