1 回答
- 最新
- 投票最多
- 评论最多
0
You haven't mentioned whether you're trying to use Origin Access Control (OAC), or Origin Access Identity (OAI - legacy).
However, the policy that you've provided looks almost correct for OAC, except for the Condition key which should look like this (no trailing slash):
AWS:SourceArn": "arn:aws:cloudfront::<AWS account ID>:distribution/<CloudFront distribution ID>"
Please take a look at the documentation for more information, particularly the section on SSE-KMS, if you're using that on your bucket
Note also that in the Cloudfront Origin settings, there's an option to copy a pre-populated policy statement that you can insert into your S3 bucket policy.
相关内容
- AWS 官方已更新 9 个月前
- AWS 官方已更新 9 个月前