You are building a system to distribute confidential training videos to employees.

Using CloudFront, what method could be used to serve content that is stored in S3, but not publically accessible from S3 directly?

  • Create an Origin Access Identity (OAI) for CloudFront and grant access to the objects in your S3 bucket to that OAI.
  • Add the CloudFront account security group “amazon-cf/amazon-cf-sg” to the appropriate S3 bucket policy.
  • Create an Identity and Access Management (1AM) User for CloudFront and grant access to the objects in your S3 bucket to that 1AM User.
  • Create a S3 bucket policy that lists the CloudFront distribution ID as the

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.