There is one S3 bucket named content-webners, which contains two directories: open (publicly accessible content) and secure (protected HTML-based content).

Below are the credentials for the above S3 bucket:

  1. For read-only access
    User: wbsreadonly
    Access key ID: AKIAJ5TPX7FTP5KD94VQ
    Secret access key: qpYo/f67eIJE8r4zNjYNlnarzJPGg1zBqmJgkI/f
  2. For read-write (Full access)
    User: wbscontent
    Password: c4bc1819deb6bfc2d0b096aadb6c5d93
    Access key ID: AKAIWCGN79DJZQONSTYQ
    Secret access key: fc5ksjHDmiSkDhPX3GZhoOtIS4yK9oODNuDrpgZ6

Below is the bucket policy implemented to protect content in the bucket when using S3 URLs:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "content-upload",
      "Effect": "Allow",
      "Principal": {
        "AWS": [
          "arn:aws:iam::439506861907:user/wbsreadonly",
          "arn:aws:iam::439506861907:user/wbscontent"
        ]
      },
      "Action": "s3:*",
      "Resource": [
        "arn:aws:s3:::content-webners/*",
        "arn:aws:s3:::content-webners"
      ]
    },
    {
      "Sid": "CloudFront-singed-URL",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity E217UHE9VK1JL1"
      },
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::content-webners/*"
    },
    {
      "Sid": "Stmt1319566860498",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::439506861907:root"
      },
      "Action": "s3:*",
      "Resource": "arn:aws:s3:::content-webners/*"
    }
  ]
}
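
A check a reviewer could run against the policy above, as an added example that is not part of the original page: it lists every Allow statement that gives a principal meant to be read-only an action other than s3:Get* or s3:List*. That definition of "read-only" and the names `excess_grants` and `as_list` are assumptions of this example.

```python
import json

# Bucket policy from the page, compacted for the example.
POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
 {"Sid": "content-upload", "Effect": "Allow",
  "Principal": {"AWS": ["arn:aws:iam::439506861907:user/wbsreadonly",
                        "arn:aws:iam::439506861907:user/wbscontent"]},
  "Action": "s3:*",
  "Resource": ["arn:aws:s3:::content-webners/*", "arn:aws:s3:::content-webners"]},
 {"Sid": "CloudFront-singed-URL", "Effect": "Allow",
  "Principal": {"AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity E217UHE9VK1JL1"},
  "Action": "s3:GetObject", "Resource": "arn:aws:s3:::content-webners/*"},
 {"Sid": "Stmt1319566860498", "Effect": "Allow",
  "Principal": {"AWS": "arn:aws:iam::439506861907:root"},
  "Action": "s3:*", "Resource": "arn:aws:s3:::content-webners/*"}]}
""")

# Assumption: "read-only" means only s3:Get* and s3:List* actions.
READ_PREFIXES = ("s3:get", "s3:list")

def as_list(value):
    """Policy fields may be a single string or a list of strings."""
    return value if isinstance(value, list) else [value]

def excess_grants(policy, read_only_principals):
    """Return (sid, principal, action) for every Allow that gives a
    principal meant to be read-only an action outside READ_PREFIXES."""
    findings = []
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        arns = ["*"] if principal == "*" else as_list(principal.get("AWS", []))
        for arn in arns:
            # A wildcard principal covers the read-only principals too.
            if arn != "*" and arn not in read_only_principals:
                continue
            for action in as_list(stmt.get("Action", [])):
                # Conservative: a wildcard such as "s3:*" does not start
                # with a read prefix, so it is reported.
                if not action.lower().startswith(READ_PREFIXES):
                    findings.append((stmt.get("Sid"), arn, action))
    return findings

if __name__ == "__main__":
    ro = {"arn:aws:iam::439506861907:user/wbsreadonly"}
    for finding in excess_grants(POLICY, ro):
        print("excess grant:", finding)
```

Within a single account an Allow in the bucket policy is sufficient on its own unless an explicit Deny applies, so the content-upload statement gives wbsreadonly the same s3:* access as wbscontent.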


Next, the CloudFront settings implemented for the bucket to protect content:

[Screenshots: CloudFront settings]

Cache behavior settings to protect HTML content.

[Screenshots: cache behavior settings]