Amazon CloudFront Announces Support for Resource-Level and Tag-Based Permissions

Posted on: Aug 8, 2019

You can now define Identity and Access Management (IAM) policies that specify granular resource-level and tag-based user permissions in CloudFront. These new features give you increased flexibility to manage access to your CloudFront distributions.

Previously, you could apply IAM policies to manage user actions in CloudFront, but you couldn’t restrict actions to specific distributions in your account. Now, with resource-level permissions, you can configure IAM policies that reference individual CloudFront distributions—using Amazon Resource Names (ARNs) or wildcards—and specify the users and actions that have permissions on only those distributions. Similarly, with tag-based access control, you can create IAM user policies that allow or deny actions on specific CloudFront distributions based on the tags associated with them.
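The two mechanisms described above, combined in one identity-based policy. This is an added example, not a policy from the announcement or the Developer Guide. The account ID `111122223333`, the distribution ID `EDFDVBD6EXAMPLE`, the `Environment` tag key and its `production` value are constructed placeholders, and the tag match assumes the `aws:ResourceTag/<key>` condition key.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ExampleResourceLevelAllowOneDistribution",
      "Effect": "Allow",
      "Action": [
        "cloudfront:GetDistribution",
        "cloudfront:GetDistributionConfig",
        "cloudfront:UpdateDistribution",
        "cloudfront:CreateInvalidation"
      ],
      "Resource": "arn:aws:cloudfront::111122223333:distribution/EDFDVBD6EXAMPLE"
    },
    {
      "Sid": "ExampleTagBasedDenyChangesToProduction",
      "Effect": "Deny",
      "Action": [
        "cloudfront:UpdateDistribution",
        "cloudfront:DeleteDistribution"
      ],
      "Resource": "arn:aws:cloudfront::111122223333:distribution/*",
      "Condition": {
        "StringEquals": {
          "aws:ResourceTag/Environment": "production"
        }
      }
    }
  ]
}
```

Because an explicit deny overrides any allow, the second statement blocks changes to the named distribution as well if it carries the `Environment=production` tag. Tag-based rules are only as strong as the control over who can change tags, so restrict `cloudfront:TagResource` and `cloudfront:UntagResource` alongside a policy like this.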

To get started with this new functionality, see the CloudFront Developer Guide. To learn more about Amazon CloudFront, visit our product page.