Restrict access to an AWS origin - Amazon CloudFront

Restrict access to an AWS origin

You can configure CloudFront and some AWS origins in a way that provides the following benefits:

  • Restricts access to the AWS origin so that it's not publicly accessible

  • Makes sure that viewers (users) can access the content in the AWS origin only through the specified CloudFront distribution—preventing them from accessing the content directly from the bucket, or through an unintended CloudFront distribution

To do this, configure CloudFront to send authenticated requests to your AWS origin, and configure the AWS origin to only allow access to authenticated requests from CloudFront. For more information, see following topics for compatible types of AWS origins.