1 個回答
- 最新
- 最多得票
- 最多評論
0
You haven't mentioned whether you're trying to use Origin Access Control (OAC), or Origin Access Identity (OAI - legacy).
However, the policy that you've provided looks almost correct for OAC, except for the Condition key which should look like this (no trailing slash):
AWS:SourceArn": "arn:aws:cloudfront::<AWS account ID>:distribution/<CloudFront distribution ID>"
Please take a look at the documentation for more information, particularly the section on SSE-KMS, if you're using that on your bucket
Note also that in the Cloudfront Origin settings, there's an option to copy a pre-populated policy statement that you can insert into your S3 bucket policy.
相關內容
- AWS 官方已更新 8 個月前
- AWS 官方已更新 9 個月前
- AWS 官方已更新 1 年前