TL;DR
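- Keep S3 Block Public Access enabled and grant access through the bucket policy.
- Configure CloudFront so the content can be accessed through it.
- Issue the authentication cookies with the Secure attribute, then access the content!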
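
The cookie step above, as an added example that is not code from the original article: it builds a CloudFront custom policy, signs it with RSA-SHA1 via `openssl`, and emits the three `Set-Cookie` headers with the Secure attribute. The function names, the expiry-only policy, and the `Path=/` and `HttpOnly` attributes are assumptions; the key pair ID and private key path are supplied by the caller.

```shell
#!/bin/sh
# Added example: CloudFront signed cookies with a custom policy.
# Assumes `openssl` is installed; all function names here are hypothetical.

# Base64, then map to the CloudFront-safe alphabet: '+' -> '-', '=' -> '_', '/' -> '~'.
cf_b64() {
    openssl base64 -A | tr -- '+=/' '-_~'
}

# Custom policy with an expiry condition only, written without whitespace.
# $1 = resource URL (may end in a wildcard), $2 = expiry as epoch seconds
cf_policy() {
    printf '{"Statement":[{"Resource":"%s","Condition":{"DateLessThan":{"AWS:EpochTime":%s}}}]}' "$1" "$2"
}

# $1 = resource, $2 = expiry epoch, $3 = key pair ID, $4 = private key PEM path
cf_signed_cookies() {
    case "$2" in
        ''|*[!0-9]*) echo "expiry must be epoch seconds" >&2; return 1 ;;
    esac
    [ -r "$4" ] || { echo "cannot read private key: $4" >&2; return 1; }

    policy=$(cf_policy "$1" "$2")
    policy_b64=$(printf '%s' "$policy" | cf_b64)
    # The signature covers the raw policy JSON, not its base64 form.
    sig_b64=$(printf '%s' "$policy" | openssl dgst -sha1 -sign "$4" | cf_b64)
    [ -n "$sig_b64" ] || { echo "signing failed" >&2; return 1; }

    # Secure keeps the cookies off plain HTTP; HttpOnly (an assumption here)
    # keeps them away from page scripts.
    attrs='Path=/; Secure; HttpOnly'
    printf 'Set-Cookie: CloudFront-Policy=%s; %s\n' "$policy_b64" "$attrs"
    printf 'Set-Cookie: CloudFront-Signature=%s; %s\n' "$sig_b64" "$attrs"
    printf 'Set-Cookie: CloudFront-Key-Pair-Id=%s; %s\n' "$3" "$attrs"
}
```

Keep the expiry short and the resource pattern as narrow as the application allows, since anyone holding the three cookies can fetch every object the policy matches until it expires.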
References
https://zenn.dev/bun913/articles/cloudfront-cors-policies
https://qiita.com/hmatsu47/items/dde84a8d059ea2eb62dc
https://tk-ch.hatenablog.com/entry/20221216/1671178609
https://qiita.com/tadasuke/items/9f9fe00115a7f0199e05
https://dev.classmethod.jp/articles/cf-s3-private-content-signed-cookies-with-wildcard/
https://dev.classmethod.jp/articles/cloudfront-signed-cookie/
https://qiita.com/nareff/items/514a9e246779dc1b9489
https://docs.aws.amazon.com/ja_jp/AmazonCloudFront/latest/DeveloperGuide/private-content-setting-signed-cookie-custom-policy.html#private-content-custom-policy-statement-cookies-values