There is one S3 bucket named content-webners, which contains two directories: open (publicly accessible content) and secure (protected HTML-based content).
Below are the credentials for the above S3 bucket:
- For read-only access
User: wbsreadonly
Access key ID: AKIAJ5TPX7FTP5KD94VQ
Secret access key: qpYo/f67eIJE8r4zNjYNlnarzJPGg1zBqmJgkI/f
- For read-write (Full access)
User: wbscontent
Password: c4bc1819deb6bfc2d0b096aadb6c5d93
Access key ID: AKAIWCGN79DJZQONSTYQ
Secret access key: fc5ksjHDmiSkDhPX3GZhoOtIS4yK9oODNuDrpgZ6
Below is the bucket policy implemented to protect content in the bucket when S3 URLs are used:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "content-upload",
            "Effect": "Allow",
            "Principal": {
                "AWS": [
                    "arn:aws:iam::439506861907:user/wbsreadonly",
                    "arn:aws:iam::439506861907:user/wbscontent"
                ]
            },
            "Action": "s3:*",
            "Resource": [
                "arn:aws:s3:::content-webners/*",
                "arn:aws:s3:::content-webners"
            ]
        },
        {
            "Sid": "CloudFront-singed-URL",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity E217UHE9VK1JL1"
            },
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::content-webners/*"
        },
        {
            "Sid": "Stmt1319566860498",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::439506861907:root"
            },
            "Action": "s3:*",
            "Resource": "arn:aws:s3:::content-webners/*"
        }
    ]
}
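The policy above lists wbsreadonly next to wbscontent in the content-upload statement, under "Action": "s3:*", although the user is described as read-only. The following check is an added example, not part of the original post: it flags Allow statements that give a principal expected to be read-only any mutating S3 action. The READ_ONLY set and the WRITE_PROBES list are assumptions made for this example.

```python
import fnmatch

# Bucket policy from the page, reduced to the fields this check reads.
POLICY = {"Statement": [
    {"Sid": "content-upload", "Effect": "Allow",
     "Principal": {"AWS": ["arn:aws:iam::439506861907:user/wbsreadonly",
                           "arn:aws:iam::439506861907:user/wbscontent"]},
     "Action": "s3:*"},
    {"Sid": "CloudFront-singed-URL", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity E217UHE9VK1JL1"},
     "Action": "s3:GetObject"},
    {"Sid": "Stmt1319566860498", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::439506861907:root"},
     "Action": "s3:*"},
]}

# Assumption: principals the page's prose describes as read-only.
READ_ONLY = {"arn:aws:iam::439506861907:user/wbsreadonly"}
# Assumption: a small probe set of mutating S3 actions.
WRITE_PROBES = ["s3:PutObject", "s3:DeleteObject", "s3:PutBucketPolicy", "s3:DeleteBucket"]

def as_list(value):
    return value if isinstance(value, list) else [value]

def principals(stmt):
    # Principal may be the string "*" or a mapping such as {"AWS": [...]}.
    p = stmt.get("Principal", {})
    return as_list(p) if isinstance(p, str) else as_list(p.get("AWS", []))

def write_actions(stmt):
    """Mutating probe actions matched by the statement's Action patterns."""
    # IAM action names are case-insensitive, so compare in lower case.
    patterns = [a.lower() for a in as_list(stmt.get("Action", []))]
    return [w for w in WRITE_PROBES
            if any(fnmatch.fnmatchcase(w.lower(), pat) for pat in patterns)]

def excess_grants(policy, read_only):
    """Return (Sid, principal, write actions) for each over-broad Allow."""
    findings = []
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        granted = write_actions(stmt)
        for who in principals(stmt):
            if granted and (who == "*" or who in read_only):
                findings.append((stmt.get("Sid"), who, granted))
    return findings

if __name__ == "__main__":
    for sid, who, actions in excess_grants(POLICY, READ_ONLY):
        print(f"{sid}: {who} is allowed {', '.join(actions)}")
```

Only the bucket policy is inspected here; identity policies attached to the IAM users themselves are evaluated separately by AWS and are not shown on the page.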
The following CloudFront settings are implemented for the bucket to protect content:
Cache behavior settings to protect HTML content.