By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Can I make encrypted S3 static website only accessible through CloudFront?

0

Can I store encrypted files on S3 and then make them available through CloudFront, with the decryption key held by CloudFront? Or is there any other way the build file of the static website is hosted but the files are not accessible by any other IAM.

Topics
StorageComputeNetworking & Content Delivery
Tags
Amazon Simple Storage ServiceAmazon S3 GlacierWebsite ProvisioningStorageAmazon CloudFront
Language
English
Rishabh
asked 10 months ago256 views
1 Answer
2

It is possible to restrict access except via CloudFront.
Follow the steps in the following document to set up OAC.
OAC can be used with S3 default encryption or with encryption using KMS.
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html

The following document explains OAC in detail and should be read once.
https://aws.amazon.com/jp/blogs/networking-and-content-delivery/amazon-cloudfront-introduces-origin-access-control-oac/

profile picture
EXPERT
Riku_Kobayashi
answered 10 months ago
profile picture
EXPERT
Hiroki Takahashi
reviewed 10 months ago
profile pictureAWS
EXPERT
secondabhi_aws
reviewed 10 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content