Advantages of Using CloudFront with an S3 Bucket That Blocks Public Access
Can a bucket be accessed from CloudFront if I block all public access?
Yes, an Amazon S3 bucket can be accessed through CloudFront even if Block all public access is enabled, but you’ll need to configure the bucket and CloudFront properly.
How It Works
When you enable “Block all public access” on your S3 bucket, the bucket denies direct public access. However, CloudFront can still access the bucket because CloudFront does not require public access — it uses an identity-based approach via an Origin Access Control (OAC) or Origin Access Identity (OAI) to retrieve content securely.
Here’s how you can achieve this securely:
Steps to Allow Access via CloudFront While Blocking Public Access
1. Enable “Block All Public Access” on the S3 Bucket
- Go to the S3 console.
- Select your bucket.
- Click on Permissions → Block Public Access settings.
- Enable Block all public access and save.
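To make the "How It Works" explanation and step 1 concrete, here is an added example (not code from the original article) that builds the kind of bucket policy used with an OAC, scoped to a single distribution, and audits it together with the four Block Public Access flags. The bucket name, account ID and distribution ID are constructed placeholders, and `audit` is a hypothetical, simplified check, not AWS's own public-policy evaluation.

```python
"""Offline check of an S3 bucket's settings for CloudFront-only access (constructed data)."""

BPA_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")


def build_oac_policy(bucket, account_id, distribution_id):
    """Bucket policy that lets one CloudFront distribution (via OAC) read objects."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "AllowCloudFrontServicePrincipalReadOnly",
            "Effect": "Allow",
            "Principal": {"Service": "cloudfront.amazonaws.com"},
            "Action": "s3:GetObject",
            "Resource": f"arn:aws:s3:::{bucket}/*",
            "Condition": {"StringEquals": {
                "AWS:SourceArn": f"arn:aws:cloudfront::{account_id}:distribution/{distribution_id}"
            }},
        }],
    }


def audit(bpa_config, policy):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = [f"{flag} is not enabled" for flag in BPA_FLAGS if not bpa_config.get(flag)]
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        principal = stmt.get("Principal")
        wildcard = principal == "*" or (isinstance(principal, dict) and principal.get("AWS") == "*")
        if wildcard and not stmt.get("Condition"):
            findings.append(f"{sid}: wildcard principal with no condition (public)")
        is_cf = isinstance(principal, dict) and principal.get("Service") == "cloudfront.amazonaws.com"
        source_arn = stmt.get("Condition", {}).get("StringEquals", {}).get("AWS:SourceArn")
        if is_cf and not source_arn:
            findings.append(f"{sid}: CloudFront principal not pinned to a distribution")
    return findings


# Constructed sample values (placeholder account and distribution IDs).
GOOD_BPA = dict.fromkeys(BPA_FLAGS, True)
GOOD_POLICY = build_oac_policy("example-bucket", "111122223333", "EDFDVBD6EXAMPLE")
PUBLIC_POLICY = {"Statement": [{"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
                                "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}]}

if __name__ == "__main__":
    print(audit(GOOD_BPA, GOOD_POLICY))
    print(audit({**GOOD_BPA, "BlockPublicPolicy": False}, PUBLIC_POLICY))
```

The scoped policy names the CloudFront service principal rather than `*`, which is why it can coexist with "Block all public access" while the wildcard policy is reported as public.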