This is the format of a bucket policy generated with CloudFront using origin access:
    {
        "Effect": "Allow",
        "Principal": {
            "Service": "cloudfront.amazonaws.com"
        },
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::something-s3bucketroot-something/*",
        "Condition": {
            "StringEquals": {
                "AWS:SourceArn": "arn:aws:cloudfront::0123456789:distribution/ABCDEFGHI"
            }
        }
    }
Is there a way to wildcard the SourceArn to allow for any distributions from the account?
I tried "StringLike" and left off the distribution ID but that didn't seem to work.
Alternatively, if that's not possible, is there a way to use an OR condition on multiple values on the conditional?
Works! But you need StringLike instead of StringEquals...thought I'd tried that...
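The two approaches asked about above, written out as an added example that is not part of the original post: the first statement uses `StringLike` with a `*` in place of the distribution ID, and the second keeps `StringEquals` with a list of ARNs, which IAM evaluates as a logical OR across the values. Keep only one of the two statements; the bucket name and account ID are the ones from the question, and the second distribution ID `JKLMNOPQR` is a constructed placeholder.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "OptionAAnyDistributionInAccount",
      "Effect": "Allow",
      "Principal": {
        "Service": "cloudfront.amazonaws.com"
      },
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::something-s3bucketroot-something/*",
      "Condition": {
        "StringLike": {
          "AWS:SourceArn": "arn:aws:cloudfront::0123456789:distribution/*"
        }
      }
    },
    {
      "Sid": "OptionBListedDistributionsOnly",
      "Effect": "Allow",
      "Principal": {
        "Service": "cloudfront.amazonaws.com"
      },
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::something-s3bucketroot-something/*",
      "Condition": {
        "StringEquals": {
          "AWS:SourceArn": [
            "arn:aws:cloudfront::0123456789:distribution/ABCDEFGHI",
            "arn:aws:cloudfront::0123456789:distribution/JKLMNOPQR"
          ]
        }
      }
    }
  ]
}
```

`StringEquals` compares the value literally, so a `*` under that operator never matches a real distribution ARN. The wildcard form also admits any distribution created in the account later, while the list form grants access only to the distributions named in it.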