En utilisant AWS re:Post, vous acceptez les AWS re:Post Conditions d’utilisation
AWS re:Postre:Post

CloudFront Origin Path

1

I do have a S3 bucket with 2 directories on top level:

  • public
  • private

and I want do use CloudFront to serve only a the files of the "public" directory so I've setup the "Origin Path" of my distribution to that folder. It works like expected but I'm wondering if the "private" directory is also distributed (but not reachable due to that specific origin path of the CF distribution)?

I really don't want the private folder to get distributed or be public reachable in any way.

So the question is: does only the stuff under "origin path" gets distributed or the whole S3 bucket?

Best regards Daniel

Sujets
StockageRéseaux et diffusion de contenu
Balises
Simple service de stockage AmazonAmazon CloudFront
Langue
English
Daniel
demandé il y a 2 ans1487 vues
1 réponse
2
Réponse acceptée

Assuming that the S3 bucket is private and that an OAI has been created. In the bucket policy, add the prefix "public" to the ARN :

"Resource": "arn:aws:s3:::mybucket/public/*"

You could also add an explicit deny statement:

{
    "Effect": "Deny",
    "Principal": {
        "AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity ABCDEFGHIJ1234"
    },
    "Action": "s3:*",
    "Resource": "arn:aws:s3:::mybucket/private/*"
}
profile pictureAWS
EXPERT
kentrad
répondu il y a 2 ans
  • Daniel
    il y a 2 ans

    Ok, OAI has already been created and I've updated the bucket policy regarding to your answer (finetuned the "Allow" statement and added also the "Deny" statement.

    Do you mean that this explicitly prevents distribution of the "private" directory? I just want to be sure.

  • MG
    il y a 2 ans

    With this bucket policy, CloudFront has no access to the private directory.

  • kentrad EXPERT
    il y a 2 ans

    Also, look at the S3 Access Analyzer to see if any other policy is allowing access to the 'private' prefix.

Vous n'êtes pas connecté. Se connecter pour publier une réponse.

Une bonne réponse répond clairement à la question, contient des commentaires constructifs et encourage le développement professionnel de la personne qui pose la question.

Instructions pour répondre aux questions

Contenus pertinents