CloudFront can serve S3 data hosted in a public region, secured by Origin Access Identities. However, this doesn't work for S3 in GovCloud. The documentation mentions something about restricting access to CloudFront IPs, but that's not security since anyone can spin up a CF distribution. The documentation also refers to having CloudFront add custom headers to requests so the origins can discard requests without those headers, but I don't see a way for S3 to do that.
Am I missing something, or is this just not possible now?
Thanks!