问题
Is it possible to restrict an Amazon S3 website endpoint to CloudFront only? I see this is possible for S3 rest endpoints but was wondering if there were any new workarounds to do this for S3 website endpoints.
回答1:
For website endpoint you can use bucket policy to allow only CloudFront IP address, not restrictive as OAI but still a way. http://d7uri8nf7uskq.cloudfront.net/tools/list-cloudfront-ips
For S3 as an origin, CLOUDFRONT_REGIONAL_EDGE_IP_LIST IP address are not used unless you're using lambda@edge or AWS has enabled it intentionally so you can allow only CLOUDFRONT_GLOBAL_IP_LIST.
来源:https://stackoverflow.com/questions/55710926/restrict-amazon-s3-website-endpoint-to-cloudfront