AWS News Blog

IAM Now Available for Amazon CloudFront

You can now use AWS Identity and Access Management (IAM) to regulate access to the Amazon CloudFront APIs.For example, you could easily create three separate IAM groups with names and permissions as follows:

Group CloudFrontManagement – Access to all CloudFront APIs.

Group Publisher – Access to the CreateDistribution, GetDistribution, UpdateDistribution, and GetDistributionConfig APIs.

Group StreamingPublisher – Access to the CreateStreamingDistribution, GetStreamingDistribution, UpdateStreamingDistribution, and GetStreamingDistributionConfig APIs.

You can create an IAM policy using the AWS Policy Generator and then apply it using the AWS Management Console.

A number of third-party tools and toolkits are also providing support for this new feature. Here’s what I know about:


CloudBerry Explorer for Amazon S3 (pictured at right) allows you to control access to individual APIs. Read their blog post for more info.


The newest version of Bucket Explorer supports IAM.


Support is expected momentarily in Boto.

Like many teams at Amazon, the CloudFront team is now hiring!

— Jeff;