2 Answers
0
As you're already using WAF, set up web access control lists (web ACLs) to limit access to just a range of IPs that matches your VPN: https://docs.aws.amazon.com/waf/latest/developerguide/web-acl.html
Then apply this to the CloudFront distribution.
You can also restrict access using CloudFront directly: https://repost.aws/knowledge-center/cloudfront-access-to-amazon-s3
0
If you want access to S3 buckets outside of CloudFront and only from your VPN, you could use something like a VPC S3 gateway endpoint and, on the buckets, only allow access from specific VPC endpoints.
https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-bucket-policies-vpc-endpoint.html
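
A bucket policy of the kind the answer above describes, as an added example that is not part of either answer: it denies every request that arrives neither through one VPC endpoint nor from one CloudFront distribution. The bucket name, endpoint ID, account ID and distribution ID are placeholders, and keeping CloudFront reachable through `aws:SourceArn` assumes the distribution uses origin access control.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyUnlessVpcEndpointOrCloudFront",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:*",
      "Resource": [
        "arn:aws:s3:::amzn-s3-demo-bucket",
        "arn:aws:s3:::amzn-s3-demo-bucket/*"
      ],
      "Condition": {
        "StringNotEquals": {
          "aws:SourceVpce": "vpce-EXAMPLE0123456789",
          "aws:SourceArn": "arn:aws:cloudfront::111122223333:distribution/EXAMPLEDISTID"
        }
      }
    }
  ]
}
```

The two keys under `StringNotEquals` are ANDed, and a key missing from the request counts as "not equal", so the deny fires only when both checks fail. The statement grants nothing by itself and also blocks console and administrative access that does not come through the endpoint, so the matching Allow statements and a recovery path need to be in place before it is applied.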