Restricting access to CloudFront by IP

amazon-web-services amazon-s3 amazon-cloudfront
Moshe Shaham picture Moshe Shaham · Sep 10, 2017 · Viewed 25k times · Source

I want to restrict bucket access to certain IPs. I know how to create a bucket policy from Restricting Access to Specific IP Addresses.

My question: Can this work with CloudFront? How? Can I allow only certain IPs to access CloudFront?

Answer

Kannaiyan picture Kannaiyan · Sep 10, 2017

Web Application Firewall is your friend.

http://docs.aws.amazon.com/waf/latest/developerguide/web-acl-ip-conditions.html

Create your rule with your IP Addresses and rest "WAF" will take care.

You need to apply this to the required CloudFront Distribution.

You can restrict your bucket policies to CloudFront and restrict to your required IP's through CloudFront.

Related questions

Font from origin has been blocked from loading by Cross-Origin Resource Sharing policy

I'm receiving the following error on a couple of Chrome browsers but not all. Not sure entirely what the issue is at this point. Font from origin 'https://ABCDEFG.cloudfront.net' has been blocked from loading by Cross-Origin Resource Sharing …

Read More
When to use Amazon Cloudfront or S3

Are there use cases that lend themselves better to Amazon cloudfront over s3 or the other way around? I'm trying to understand the difference between the 2 through examples.

Read More
What client tools are available to manage Amazon S3 and CloudFront?

I just started using the Amazon S3 and Amazon CloudFront. What proper client tools are out there that I can use to manage my account? Like uploading files etc. Yes I am a developer, but, I am pressed for time, …

Read More