Bypassing the S3 origin via Origin Access Control

  1. Created one bucket and uploaded the HTML file.

2. Created the CloudFront distribution

Give the origin domain from s3. Set up the OAC setting to access the content from CloudFront not from your source.

After creating the distribution, change the bucket policy like below.

"Version": "2008-10-17",
"Id": "PolicyForCloudFrontPrivateContent",
"Statement": [
"Sid": "AllowCloudFrontServicePrincipal",
"Effect": "Allow",
"Principal": {
"Service": ""
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::2024-2/*",
"Condition": {
"StringEquals": {
"AWS:SourceArn": "arn:aws:cloudfront::885078309492:distribution/EPGR2WE4GVY2V"

After Activating the distribution, your S3 bucket URL not working. Your Cloudfront URL only working.