Can I make encrypted S3 static website only accessible through CloudFront?

0

Can I store encrypted files on S3 and then make them available through CloudFront, with the decryption key held by CloudFront? Or is there any other way the build file of the static website is hosted but the files are not accessible by any other IAM.

1 Respuesta
2

It is possible to restrict access except via CloudFront.
Follow the steps in the following document to set up OAC.
OAC can be used with S3 default encryption or with encryption using KMS.
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html

The following document explains OAC in detail and should be read once.
https://aws.amazon.com/jp/blogs/networking-and-content-delivery/amazon-cloudfront-introduces-origin-access-control-oac/

profile picture
EXPERTO
respondido hace 10 meses
profile picture
EXPERTO
revisado hace 10 meses
profile pictureAWS
EXPERTO
revisado hace 10 meses

No has iniciado sesión. Iniciar sesión para publicar una respuesta.

Una buena respuesta responde claramente a la pregunta, proporciona comentarios constructivos y fomenta el crecimiento profesional en la persona que hace la pregunta.

Pautas para responder preguntas