How to restrict access just to CloudFront from a custom origin server?

If I understood well, in order to create a custom origin distribution, I need to make those files public on my custom origin server.

In my case, that will mean putting those files into a public dir of an Apache server. My question is: is it possible to restrict access to that Apache server to just CloudFront?

I know how to do it to allow only one IP, but how to do it with CF?

Thanks in advance!


You could restrict access to the published Amazon CloudFront Public IP Ranges; however, be aware of the respective disclaimer by Amazon:

The CloudFront IP addresses change frequently and we cannot guarantee advance notice of changes. On a best-effort basis, we will provide the list of current addresses. Customers should not use these addresses for mission critical applications and must never hard code them in DNS names. [emphasis mine]

Consequently you should monitor this forum/post to take notice of respective changes as early as possible (if this constraint is acceptable for your use case in the first place of course).
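One way to keep such an allow-list current is to regenerate it from the published ranges instead of typing them in by hand. This is an added example, not code from the answer above. It assumes the ranges arrive in the layout of AWS's `ip-ranges.json` file (service tag `CLOUDFRONT`) and that the origin runs Apache 2.4 (`Require ip`). The directory path and the sample prefixes are constructed.

```python
import ipaddress
import json

# Constructed sample in the layout of AWS's ip-ranges.json; the prefixes are
# documentation ranges (RFC 5737 / RFC 3849), not real CloudFront addresses.
SAMPLE = json.dumps({
    "syncToken": "0", "createDate": "1970-01-01-00-00-00",
    "prefixes": [
        {"ip_prefix": "192.0.2.0/25", "region": "GLOBAL", "service": "CLOUDFRONT"},
        {"ip_prefix": "192.0.2.128/25", "region": "GLOBAL", "service": "CLOUDFRONT"},
        {"ip_prefix": "192.0.2.0/25", "region": "GLOBAL", "service": "AMAZON"},
        {"ip_prefix": "198.51.100.0/24", "region": "us-east-1", "service": "EC2"},
    ],
    "ipv6_prefixes": [
        {"ipv6_prefix": "2001:db8:1::/48", "region": "GLOBAL", "service": "CLOUDFRONT"},
    ],
})


def cloudfront_networks(doc, service="CLOUDFRONT"):
    """Return the service's networks, validated, with duplicates and adjacent ranges merged."""
    data = json.loads(doc)
    # ip_network() raises ValueError on a malformed prefix, so bad input never reaches the config
    v4 = [ipaddress.ip_network(p["ip_prefix"]) for p in data.get("prefixes", [])
          if p.get("service") == service]
    v6 = [ipaddress.ip_network(p["ipv6_prefix"]) for p in data.get("ipv6_prefixes", [])
          if p.get("service") == service]
    # collapse_addresses() accepts only one address family per call
    return list(ipaddress.collapse_addresses(v4)) + list(ipaddress.collapse_addresses(v6))


def apache_allowlist(doc, directory="/var/www/origin"):  # hypothetical path
    """Render an Apache 2.4 <Directory> block that admits only the listed networks."""
    nets = cloudfront_networks(doc)
    if not nets:
        # A block with no Require lines would add no restriction at all; fail instead
        raise ValueError("no CLOUDFRONT prefixes found; refusing to write config")
    lines = [f'<Directory "{directory}">']
    # Several Require lines in one section are combined as "any of these"
    lines += [f"    Require ip {n}" for n in nets]
    lines.append("</Directory>")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(apache_allowlist(SAMPLE))
```

Run on a schedule and reload Apache only when the output changes; because the ranges can change without notice, requests from a newly added edge range will be refused until the next refresh.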