How to manage Private Content for Amazon CloudFront Distribution?

Amazon S3 allows you to make your Distribution Private. If you subscribe for Amazon Cloud Front services then you can mange your Private Content Distribution. Private Distribution helps you to manage your bucket's contents differently for different users. You can give access to the end user by providing Signed URL .

Basics of Amazon CloudFront Private Content:
 

1. Origin Access Identity: It is a set of Unique-Id.
   • » Origin Access Identity-Id : It is used at the time of creating/updating private distribution.
   • » S3 Canonical User Id : It is used at the time of updating ACL, with giving read permission to it.
2. » Trusted Signer : For each AWS account (other than owner) on which you want to assign signing authority and who can sign URLs for your distributed bucket is called TrustedSigner.
   • Aws Account Number: AWS account holder has unique account number which is displayed in the top right corner of account owner's Account Activity page at http://aws.amazon.com . You can add this account number in the list of Trusted Signer. You can add maximum five account numbers other then owner.

How can Bucket Explorer helps you :

1. Create a Private Content Distribution.
2. Update an existing Distribution to make it Private.
3. Get Origin Access Identity Details.
4. Set Access Control List for S3 Canonical User Id .
5. Manage Origin Access Identity.
   • List all existing Origin Access Identity.
   • Delete Origin Access Identity.
   • Refresh

Create a Private Content Distribution:

STEP:1 Run Bucket Explorer. Click on Distribution button present in bucket tool bar or you can select Manage Distribution by right click on bucket. The List Distribution window will be opened.

STEP:2 Click on New button. A new window for Create Distribution will open.

STEP:3 Click on Advanced button present in left side bottom corner. A new window will be opened having check box for option Make Private Content Distribution .

STEP:4 Select the check box will make the distribution private. Next to this check box you will find one check box Use Existing Origin Access Identify . Check the Use Existing Origin Access Identify will show all existing origin access identity in combo box and its respective S3 canonical user Id in text filed. If you want to create new, then Click on Generate Origin Access Identify button will provide new Origin Access Identity and S3 Canonical User Id. Once you have selected from above two options either Use Existing Origin Access Identity or Generate Origin Access Identity , you have associated S3 canonical user ID with Distribution. You will find “Trusted Signer Details” field to Add Trusted Signer . Provide the Trusted Signer Account number and Add/Delete it from table. You can add maximum five Account numbers. Owner not need to add account number, owner is already added by-default. After this click on “OK” button. Now clicking on Create button from Create Distribution window will create private content distribution. Click on Refresh will show the status “In Progress” in main Distribution window for that particular bucket.

Update existing Distribution to make it Private:

STEP:1 Run Bucket Explorer. Click on Distribution present in bucket tool bar or you can select Manage Distribution by right click on bucket. The distribution window will be opened. Click on Update button present in toolbar. A new window will open for Update Distribution .

STEP:2 You will find Advanced button present in left side bottom corner. The procedure to associate S3 canonical user ID and Trusted Signer Details with Distribution, will be same as mentioned above for Creating a Private Content Distribution .

Get Origin Access Identity Details:

STEP:1 Once Status , get “Deployed” on main Distribution window, you can see "Get Access Origin Details" by right click on bucket name on which you have created/updated Distribution.

STEP:2 A Properties window will be opened which shows the Origin Access Identity Details and Added Trusted Signers .

Set Access Control List for S3 canonical user Id:

Manage Origin Access Identity:

Run Bucket Explorer. Click on Distribution present in bucket tool bar or you can select Manage Distribution by right click on bucket. The List Distribution window will be opened. Click on Origin Access Identity List .

A new window will be opened which shows the list of existing Origin Access Identity with three buttons in tool bar. Refresh : Refresh will refresh the listing Delete : Delete will delete the selected Origin Access Identity. Copy (S3 canonical Id) : Copy option will allow you to copy the s3 canonical Id. Close the Origin Access Identity List window.