
Securing Origins in CloudFront

Understand how to secure AWS CloudFront origins by configuring Origin Access Control and Origin Access Identity to restrict unauthorized access. Learn about different origin types including S3 and custom origins, and how to use custom headers and IP restrictions for enhanced security. Explore best practices for controlling access to ensure secure, efficient content delivery.

Origin Access Control in CloudFront is the mechanism for controlling access to the origin servers from which CloudFront retrieves content. It lets users specify rules and restrictions on which clients or resources can reach the origin, so that only authorized entities can interact with it. This protects sensitive data and resources.
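For an S3 origin, this restriction is enforced in the bucket policy, which should allow only the `cloudfront.amazonaws.com` service principal and pin it to one distribution with an `AWS:SourceArn` condition. The following audit is an added example, not part of the original lesson; the function name, bucket name, account ID and distribution ID are assumptions, and the sample policies are constructed.

```python
import json

CLOUDFRONT = "cloudfront.amazonaws.com"
POSITIVE_OPS = ("StringEquals", "ArnEquals", "StringLike", "ArnLike")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _source_arns(condition):
    """Collect AWS:SourceArn values; condition key names are case-insensitive."""
    return [arn for op in POSITIVE_OPS for key, value in condition.get(op, {}).items()
            if key.lower() == "aws:sourcearn" for arn in _as_list(value)]

def audit_oac_bucket_policy(policy_json):
    """Return findings for Allow statements that let requests bypass the intended distribution."""
    findings = []
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        principal = stmt.get("Principal")
        condition = stmt.get("Condition", {})
        as_dict = principal if isinstance(principal, dict) else {}
        # An unconditioned wildcard principal makes the bucket readable directly.
        if (principal == "*" or "*" in _as_list(as_dict.get("AWS", []))) and not condition:
            findings.append(f"{sid}: public principal, origin readable without CloudFront")
        elif CLOUDFRONT in _as_list(as_dict.get("Service", [])):
            arns = _source_arns(condition)
            if not arns:
                findings.append(f"{sid}: no AWS:SourceArn, not pinned to one distribution")
            elif any("*" in arn for arn in arns):
                findings.append(f"{sid}: wildcard in AWS:SourceArn")
    return findings

# Constructed sample policies; bucket name, account ID and distribution ID are placeholders.
DIST = "arn:aws:cloudfront::111122223333:distribution/EDFDVBD6EXAMPLE"
def _allow(sid, principal, **extra):
    return {"Sid": sid, "Effect": "Allow", "Principal": principal,
            "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*", **extra}

GOOD = json.dumps({"Version": "2012-10-17", "Statement": [
    _allow("OacRead", {"Service": CLOUDFRONT},
           Condition={"StringEquals": {"AWS:SourceArn": DIST}})]})
WEAK = json.dumps({"Version": "2012-10-17", "Statement": [
    _allow("OacNoPin", {"Service": CLOUDFRONT}), _allow("PublicRead", "*")]})

if __name__ == "__main__":
    for name, policy in (("GOOD", GOOD), ("WEAK", WEAK)):
        print(name, audit_oac_bucket_policy(policy))
```

Statements that pair a wildcard principal with a condition are skipped here, since judging them requires evaluating the condition itself.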

Origins and origin groups

Origins represent the locations from which CloudFront retrieves content. When an edge location receives a request for an object not cached locally, it initiates an origin fetch from the relevant origin. Origin groups provide resiliency by allowing configurations with multiple origins. These origins can include S3 buckets, AWS Elemental MediaPackage or MediaStore endpoints, and web servers.

Security measures and access restrictions

CloudFront offers several security measures to control access to content:

  • Signed URLs or cookies can restrict viewer access, ensuring only authorized users can access distributions. Private distributions, trusted user groups, and signed URLs or cookies provide granular control over access permissions.

  • We can require ...