Cloudfront Origin Access Control

- 개요

CloudFront 접근 제어 및 보안 강화를 위한 방법으로 기존의 OAI 다음으로 나온 OAC에 대해 정리 했다.

 

 

- Origin Access : Create control setting

Signing behavior
Sign requests (recommended)
Create

Bucket Policy -> Copy policy

 

 

- S3 bucket policy

{
        "Version": "2008-10-17",
        "Id": "PolicyForCloudFrontPrivateContent",
        "Statement": [
            {
                "Sid": "AllowCloudFrontServicePrincipal",
                "Effect": "Allow",
                "Principal": {
                    "Service": "cloudfront.amazonaws.com"
                },
                "Action": "s3:GetObject",
                "Resource": "arn:aws:s3:::test/*",
                "Condition": {
                    "StringEquals": {
                      "AWS:SourceArn": "arn:aws:cloudfront::123456789:distribution/ABCD123ASDB"
                    }
                }
            }
        ]
}

 

 

- 참고

https://aws.amazon.com/ko/blogs/korea/amazon-cloudfront-introduces-origin-access-control-oac/
https://aws.amazon.com/ko/blogs/networking-and-content-delivery/amazon-cloudfront-introduces-origin-access-control-oac/