To configure CloudFront to serve private content, perform the following tasks:
-
(Optional but recommended) Require your users to access your content only through CloudFront. The method that you use depends on whether you're using Amazon S3 or custom origins:
- Amazon S3 – See Using an Origin Access Identity to Restrict Access to Your Amazon S3 Content.
- Custom origin – See Using Custom Headers to Restrict Access to Your Content on a Custom Origin.
-
Specify the AWS accounts that you want to use to create signed URLs or signed cookies. For more information, see Specifying the AWS Accounts That Can Create Signed URLs and Signed Cookies (Trusted Signers).
-
Write your application to respond to requests from authorized users either with signed URLs or with
Set-Cookieheaders that set signed cookies. Follow the steps in one of the following topics:If you're not sure which method to use, see Choosing Between Signed URLs and Signed Cookies.