I am using the following CF policy in my S3 bucket:
{
"Version": "2008-10-17",
"Id": "PolicyForCloudFrontPrivateContent",
"Statement": [
{
"Sid": "AllowCloudFrontServicePrincipal",
"Effect": "Allow",
"Principal": {
"Service": "cloudfront.amazonaws.com"
},
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::<mybucket>/*",
"Condition": {
"StringEquals": {
"AWS:SourceArn": "arn:aws:cloudfront::xxxxxxxxxxx:distribution/E3KFW1xxxxxxx"
}
}
}
]
}
Using Origin access control.
Error:
<Error>
<Code>AccessDenied</Code>
<Message>Access Denied</Message>
<RequestId>WB810TMZGMYRRE6N</RequestId>
<HostId>
EU8t4ysVGXo6TpYMNhmypgBWzZ4TMnlbEgYABlF/sK2hm70octviejQocM3zx0z/Sf4cSk/1nNh2u5zK5EeYDw==
</HostId>
</Error>