1. Create an S3 bucket
2. Create a CloudFront distribution
3. Edit the CloudFront origins
3-1. Edit CloudFront Origins -> Restrict Bucket Access -> Yes
4. Permission
Amazon S3 > Buckets > your_bucket > Permissions > Bucket policy > Edit
{
    "Version": "2008-10-17",
    "Id": "PolicyForCloudFrontPrivateContent",
    "Statement": [
        {
            "Sid": "1",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity [YOUR_CLOUDFRONT_ORIGIN_ACCESS_ID]"
            },
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::[your_bucket]/*"
        }
    ]
}
5. Finish
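
An added check (not part of the original steps): a small offline audit of a bucket policy document, confirming that every Allow statement grants only s3:GetObject on the bucket's objects to a CloudFront Origin Access Identity, as in the policy from step 4. The function name, the sample bucket name and the OAI ID are assumptions made for this example; only the ARN form of the principal shown above is accepted, and any other principal form is reported.

```python
import json

# ARN prefix used in the policy from step 4; the ID after it is distribution-specific.
OAI_PREFIX = "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity "

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_policy(policy_json, bucket):
    """Return findings; an empty list means only a CloudFront OAI may GetObject."""
    findings = []
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        # Negated elements in an Allow statement grant far more than they appear to.
        for key in ("NotPrincipal", "NotAction", "NotResource"):
            if key in stmt:
                findings.append(f"{sid}: {key} in an Allow statement")
        principal = stmt.get("Principal", {})
        if isinstance(principal, str):          # e.g. "Principal": "*"
            arns = [principal]
        else:                                   # e.g. {"AWS": "..."} or {"AWS": [...]}
            arns = [a for v in principal.values() for a in _as_list(v)]
        for arn in arns:
            if not arn.startswith(OAI_PREFIX):
                findings.append(f"{sid}: principal {arn!r} is not a CloudFront OAI ARN")
        for action in _as_list(stmt.get("Action", [])):
            if action != "s3:GetObject":
                findings.append(f"{sid}: action {action!r} goes beyond s3:GetObject")
        for res in _as_list(stmt.get("Resource", [])):
            if not res.startswith(f"arn:aws:s3:::{bucket}/"):
                findings.append(f"{sid}: resource {res!r} is not an object path in {bucket}")
    return findings

# Constructed sample policies (bucket name and OAI ID are placeholders).
GOOD = json.dumps({"Version": "2008-10-17", "Statement": [{
    "Sid": "1", "Effect": "Allow",
    "Principal": {"AWS": OAI_PREFIX + "EXAMPLEOAIID"},
    "Action": "s3:GetObject",
    "Resource": "arn:aws:s3:::example-bucket/*"}]})
PUBLIC = json.dumps({"Version": "2008-10-17", "Statement": [{
    "Sid": "1", "Effect": "Allow",
    "Principal": "*",
    "Action": ["s3:GetObject", "s3:PutObject"],
    "Resource": "arn:aws:s3:::example-bucket/*"}]})

if __name__ == "__main__":
    for name, doc in (("good", GOOD), ("public", PUBLIC)):
        print(name, audit_policy(doc, "example-bucket"))
```

To audit a real bucket, paste the policy from the Bucket policy editor into a file and pass its contents with your bucket name.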