CloudFront - “S3 bucket access” setting

Hi,

I’ve created an S3 bucket in the us-west-1 region near to my server in Phoenix NAP. However, since I’m based in the UK, I’d like to create a working CloudFront distribution for the S3 bucket for nodes in both the North America and Europe regions.

However, whilst configuring the distribution I came across the bucket access setting, which had 3 options:

  • public
  • OAC (Origin Access Control)
  • OAI (Origin Access Identity)

The OAC option alerted that

I should modify the S3 discourse policy template further to work with CloudFront.


However, the OAI option didn’t work in my instance, because

it seemed to overwrite the bucket policy with the enclosed


Is OAC a reasonable option, and does anyone have any recommendations about the policy JSON?

Given that OAC supports SSE-KMS

and the implementation relies on the administrator changing the S3 bucket policy manually, I’m not sure why AWS require this?

The policy JSON I was referring to is for IAM. However, the S3 bucket policy appears to be irrelevant?
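
An added example, not part of the original post: with OAC, the S3 bucket policy grants `s3:GetObject` to the `cloudfront.amazonaws.com` service principal, conditioned on the distribution's ARN. The sketch below builds that policy and checks an existing policy for public or unscoped grants; the function names are hypothetical and the bucket name, account ID and distribution ID are constructed placeholders.

```python
"""OAC bucket policy builder and scoping check (added example; all IDs are constructed)."""
import json

CLOUDFRONT = "cloudfront.amazonaws.com"

def build_oac_policy(bucket, account_id, distribution_id):
    """Return a bucket policy that lets one distribution read objects through OAC."""
    dist_arn = f"arn:aws:cloudfront::{account_id}:distribution/{distribution_id}"
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "AllowCloudFrontServicePrincipalReadOnly",
            "Effect": "Allow",
            "Principal": {"Service": CLOUDFRONT},
            "Action": "s3:GetObject",
            "Resource": f"arn:aws:s3:::{bucket}/*",
            # Without this condition the grant is not tied to a single distribution.
            "Condition": {"StringEquals": {"AWS:SourceArn": dist_arn}},
        }],
    }

def audit_policy(policy):
    """Return findings for Allow statements that are public or not pinned to a distribution."""
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):          # a single statement may be a bare object
        statements = [statements]
    findings = []
    for idx, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        condition = stmt.get("Condition") or {}
        # Condition keys are case-insensitive, so compare in lower case.
        keys = {k.lower() for op in condition.values() for k in op}
        if principal == "*" or (isinstance(principal, dict) and principal.get("AWS") == "*"):
            if not condition:
                findings.append(f"statement {idx}: public read, no Condition")
        elif isinstance(principal, dict) and principal.get("Service") == CLOUDFRONT:
            if "aws:sourcearn" not in keys:
                findings.append(f"statement {idx}: CloudFront grant missing AWS:SourceArn")
    return findings

if __name__ == "__main__":
    # Constructed placeholder values, not taken from the post.
    policy = build_oac_policy("example-uploads-bucket", "111122223333", "EXAMPLEDISTID")
    print(json.dumps(policy, indent=2))
    print(audit_policy(policy) or "policy is scoped to one distribution")
```

If the bucket uses SSE-KMS, the KMS key policy needs a matching grant for the same service principal; this sketch covers only the bucket policy.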