I believe you want to ensure that authenticated users are unable to share the link generated to give them access to the content stored in your S3 bucket. I would advise to restrict access to content that you serve from Amazon S3 bucket, users will only be able to access your files through CloudFront, not directly from the S3 bucket.
You will need to Create a special CloudFront user called an origin access identity (OAI) and associate it with your distribution. Configure your S3 bucket permissions so that CloudFront can use the OAI to access the files in your bucket and serve them to your users. Make sure that users can’t use a direct URL to the S3 bucket to access a file there. In addition, I have provided a documentation with guided steps to restricting access to Amazon S3 .
Refer for References
Pros and cons of restricting user access to certain regionsAccepted Answerasked 7 months ago
How to restrict download permission for content served from presigned-urlasked 11 days ago
Media access restricted to certain FQDN.asked 6 months ago
Adding OAI to CloudFront after the distribution is createdasked 8 months ago
Kinesis Video Stream with Content moderation (AWS Rekognition)asked 7 months ago
Service Control Policy for restricting certain write actions to specific regions onlyasked 3 months ago
Restricting access to video content using cloudfrontasked 2 months ago
CloudFront Authenticated Origin PullsAccepted Answerasked 2 years ago
Access restriction in CloudFrontAccepted Answerasked 3 years ago
Correct process for configuring S3 bucket so ONLY Cloudfront can access?asked 3 years ago