- Create Origin access identity (OAI) in your CloudFront
- Create S3 bucket policy that allows OAI
- Set up origin S3
This blog as well: https://dlim716.medium.com/aws-cloudfront-cross-account-s3-origin-setup-99dcaa51e39d
Hi,
You have this exact setup detailed in this article: https://dlim716.medium.com/aws-cloudfront-cross-account-s3-origin-setup-99dcaa51e39d
Best,
Didier
OAI (Origin Access Identity) is a legacy mechanism. OAC (Origin Access Control) should be preferred in its place. AWS's official recommendation and a concise summary of its reasoning are on the documentation page: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html
Which account the S3 bucket is in won't make a difference. It'll work with either OAC or OAI.
There's a lengthier discussion on OAC and what's new in it relative to OAI in this blog post: https://aws.amazon.com/blogs/networking-and-content-delivery/amazon-cloudfront-introduces-origin-access-control-oac/
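An added example, not part of the answers above and not AWS's own code: a Python check that classifies each statement in an S3 bucket policy as a legacy OAI grant, an OAC grant pinned to one distribution through `AWS:SourceArn`, or an OAC grant with no such condition. The account ID, bucket name, distribution ID and OAI ID in the sample policy are constructed placeholders.

```python
import json

# Principal prefix CloudFront uses for a legacy origin access identity (OAI).
OAI_PREFIX = "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity"

def _as_list(value):
    """Policy fields may hold one value or a list; normalise to a list."""
    return value if isinstance(value, list) else [] if value is None else [value]

def classify_statement(stmt):
    """Return 'oai', 'oac', 'oac-unscoped' or 'other' for one statement."""
    principal = stmt.get("Principal")
    if stmt.get("Effect") != "Allow" or not isinstance(principal, dict):
        return "other"
    if any(str(p).startswith(OAI_PREFIX) for p in _as_list(principal.get("AWS"))):
        return "oai"
    if "cloudfront.amazonaws.com" not in _as_list(principal.get("Service")):
        return "other"
    # OAC grants to the CloudFront service principal; without an exact
    # AWS:SourceArn match the grant is not tied to one distribution.
    for operator, keys in stmt.get("Condition", {}).items():
        if operator not in ("StringEquals", "ArnEquals"):
            continue
        for key, value in keys.items():
            arns = [str(v) for v in _as_list(value)]
            if key.lower() == "aws:sourcearn" and arns and all(
                    ":distribution/" in a and "*" not in a for a in arns):
                return "oac"
    return "oac-unscoped"

def audit_policy(policy_json):
    """Return (Sid, classification) for every statement in a bucket policy."""
    statements = _as_list(json.loads(policy_json).get("Statement"))
    return [(s.get("Sid", ""), classify_statement(s)) for s in statements]

# Constructed sample policy: all IDs and names are placeholders.
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "LegacyOAI", "Effect": "Allow",
     "Principal": {"AWS": OAI_PREFIX + " EXAMPLEOAIID"},
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Sid": "ScopedOAC", "Effect": "Allow",
     "Principal": {"Service": "cloudfront.amazonaws.com"},
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*",
     "Condition": {"StringEquals": {"AWS:SourceArn":
         "arn:aws:cloudfront::111122223333:distribution/EXAMPLEDISTID"}}},
    {"Sid": "UnscopedOAC", "Effect": "Allow",
     "Principal": {"Service": "cloudfront.amazonaws.com"},
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
]})
print(audit_policy(SAMPLE_POLICY))
```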
Please accept the answer if it was useful.