CloudFront distribution with Origin equals S3 from another account

0

Hello Team, I need to create a CloudFront distribution with an S3 bucket as the origin. The S3 bucket will be in a different account than the CloudFront distribution, that is, the CloudFront distribution in Account A and the S3 bucket in Account B.

Can someone please assist on how to achieve this?

Thanks, Tausif

  • please accept the answer if it was useful

asked 5 months ago · 580 views
3 Answers
0
  1. Create Origin access identity (OAI) in your CloudFront
  2. Create S3 bucket policy that allows OAI
  3. Set up origin S3

https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html

This blog as well: https://dlim716.medium.com/aws-cloudfront-cross-account-s3-origin-setup-99dcaa51e39d

EXPERT
answered 5 months ago
0

Hi,

You have this exact setup detailed in this article: https://dlim716.medium.com/aws-cloudfront-cross-account-s3-origin-setup-99dcaa51e39d

Best,

Didier

AWS
EXPERT
answered 5 months ago
EXPERT
reviewed 5 months ago
0

OAI (Origin Access Identity) is a legacy mechanism. OAC (Origin Access Control) should be preferred in its place. AWS's official recommendation and a concise summary of its reasoning are on the documentation page: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html

Which account the S3 bucket is in won't make a difference. It'll work with either OAC or OAI.

There's a lengthier discussion on OAC and what's new in it relative to OAI in this blog post: https://aws.amazon.com/blogs/networking-and-content-delivery/amazon-cloudfront-introduces-origin-access-control-oac/

EXPERT
answered 5 months ago
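
The cross-account OAC setup from the answers above, as an added example that is not part of the original thread and not AWS's own code: Python that builds the bucket policy to attach to the bucket in Account B for a distribution in Account A, and audits an existing policy for a CloudFront service-principal grant that is not pinned to that distribution. The function names are hypothetical, and the account ID, distribution ID and bucket name are constructed sample values.

```python
import json

def oac_bucket_policy(bucket, dist_account_id, distribution_id):
    """Policy for the bucket in Account B: read-only access for one
    CloudFront distribution in Account A, via the OAC service principal."""
    dist_arn = f"arn:aws:cloudfront::{dist_account_id}:distribution/{distribution_id}"
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "AllowCloudFrontServicePrincipalReadOnly",
            "Effect": "Allow",
            "Principal": {"Service": "cloudfront.amazonaws.com"},
            "Action": "s3:GetObject",
            "Resource": f"arn:aws:s3:::{bucket}/*",
            # Pins the grant to a single distribution ARN.
            "Condition": {"StringEquals": {"AWS:SourceArn": dist_arn}},
        }],
    }

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_oac_policy(policy, expected_dist_arn):
    """Return findings for Allow statements that trust the CloudFront
    service principal without pinning it to expected_dist_arn."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        principal = stmt.get("Principal")
        services = _as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
        if stmt.get("Effect") != "Allow" or "cloudfront.amazonaws.com" not in services:
            continue
        equals = stmt.get("Condition", {}).get("StringEquals", {})
        # Condition key names are case-insensitive in IAM policies.
        pinned = [a for k, v in equals.items() if k.lower() == "aws:sourcearn" for a in _as_list(v)]
        sid = stmt.get("Sid", "<no Sid>")
        if not pinned:
            findings.append(f"{sid}: no AWS:SourceArn condition on the service principal")
        elif pinned != [expected_dist_arn]:
            findings.append(f"{sid}: AWS:SourceArn allows {pinned}, expected {expected_dist_arn}")
    return findings

if __name__ == "__main__":
    # Constructed sample values: account ID, distribution ID and bucket name.
    policy = oac_bucket_policy("example-bucket-account-b", "111111111111", "EDFDVBD6EXAMPLE")
    print(json.dumps(policy, indent=2))
    print(audit_oac_policy(policy, "arn:aws:cloudfront::111111111111:distribution/EDFDVBD6EXAMPLE"))
```

The audit only recognizes a `StringEquals` condition on `AWS:SourceArn`; a policy that pins the distribution with a different condition operator is reported as unpinned and needs a manual look.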
