AWS CloudFront (IAM)
Amazon CloudFront is a content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency.
Common permissions
- cloudfront:ListFunctions
- cloudfront:GetFunction
- cloudfront:DescribeFunction
- cloudfront:ListKeyGroups
- cloudfront:GetKeyGroup
- cloudfront:ListPublicKeys
- cloudfront:GetPublicKey
- cloudfront:TagResource
Least-privilege example
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "cloudfront:ListFunctions",
        "cloudfront:GetFunction",
        "cloudfront:DescribeFunction",
        "cloudfront:ListKeyGroups",
        "cloudfront:GetKeyGroup",
        "cloudfront:ListPublicKeys",
        "cloudfront:GetPublicKey",
        "cloudfront:TagResource"
      ],
      "Resource": "*"
    }
  ]
}
Warnings
- Avoid cloudfront:* — grants full control including distribution deletion and function modification
- Avoid cloudfront:DeleteFunction unless needed — can remove edge functions impacting performance
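One way to check a policy document against the two warnings above, as an added example that is not part of the original page. The names audit_policy and CONSTRUCTED_POLICY are hypothetical; the check reads Allow statements only and does not evaluate Deny overrides, NotAction or Condition blocks.

```python
import re

def _matches(pattern, action):
    # IAM action matching is case-insensitive; '*' is any run, '?' one character.
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, action, re.IGNORECASE) is not None

def _as_list(value):
    # Statement and Action may each be a single value or a list.
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def audit_policy(policy):
    """Return (statement index, action pattern, reason) per warned grant.

    Assumption: only Allow/Action is inspected; Deny overrides, NotAction
    and Condition blocks are not evaluated.
    """
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        for pattern in _as_list(stmt.get("Action")):
            if pattern.lower() in ("*", "cloudfront:*"):
                findings.append((i, pattern, "full control of CloudFront"))
            elif _matches(pattern, "cloudfront:DeleteFunction"):
                findings.append((i, pattern, "allows cloudfront:DeleteFunction"))
    return findings

# The page's least-privilege policy, reproduced so the block runs offline.
PAGE_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Action": ["cloudfront:ListFunctions", "cloudfront:GetFunction",
               "cloudfront:DescribeFunction", "cloudfront:ListKeyGroups",
               "cloudfront:GetKeyGroup", "cloudfront:ListPublicKeys",
               "cloudfront:GetPublicKey", "cloudfront:TagResource"],
    "Resource": "*"}]}

# Constructed sample: mixed-case wildcard, prefix wildcard, single-string Action.
CONSTRUCTED_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "CloudFront:*", "Resource": "*"},
    {"Effect": "Allow", "Action": ["cloudfront:Get*", "cloudfront:Delete*"],
     "Resource": "*"},
    {"Effect": "Deny", "Action": "cloudfront:DeleteFunction", "Resource": "*"}]}

if __name__ == "__main__":
    for name, doc in (("page", PAGE_POLICY), ("constructed", CONSTRUCTED_POLICY)):
        print(name, audit_policy(doc))
```

The prefix wildcard cloudfront:Delete* is reported because it expands to include cloudfront:DeleteFunction, which a plain string comparison against the warned action would miss.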
Resources
API
full doc /v1/iam/cloudfront