s3
설정
bucket policy
cloudfront origin access identity 를 설정해서 비공개 버킷에 cloudfront 를 통해서는 진입을 허용한다.
json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "2",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity CF_ID"
            },
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::BUCKET_NAME/*"
        }
    ]
}
cors
버킷 >  권한 >  CORS
json
[
    {
        "AllowedHeaders": [
            "*"
        ],
        "AllowedMethods": [
            "POST",
            "GET",
            "HEAD",
            "PUT"
        ],
        "AllowedOrigins": [
            "https://YYY.com",
        ],
        "ExposeHeaders": [
            "x-amz-server-side-encryption",
            "x-amz-request-id",
            "x-amz-id-2"
        ]
    }
]
link

aws
cloudfront
cors