_        _______           _______  _           _____  
( \      (  ____ \|\     /|(  ____ \( \         / ___ \ 
| (      | (    \/| )   ( || (    \/| (        ( (___) )
| |      | (__    | |   | || (__    | |         \     / 
| |      |  __)   ( (   ) )|  __)   | |         / ___ \ 
| |      | (       \ \_/ / | (      | |        ( (   ) )
| (____/\| (____/\  \   /  | (____/\| (____/\  ( (___) )
(_______/(_______/   \_/   (_______/(_______/   \_____/ 

Progress: |========...| 8/11


If you use an S3 bucket as the origin for a CloudFront distribution, you can either leave the objects in it accessible to everyone or restrict access to them. Usually, users shouldn't be able to get an object by simply using its direct S3 URL. Instead, you want them to access the objects only through the CloudFront URL.

Important: If you have forbidden direct access to the bucket, do not allow listing its objects either. In the game, listing is left enabled for educational purposes.

Hint 1
The bucket policy is:

{
    "Effect": "Allow",
    "Principal": {
        "AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity xxx"
    },
    "Action": "s3:GetObject",
    "Resource": "arn:aws:s3:::bucket/*"
}

You can get the object using the CloudFront distribution URL d2suiw06vujwz3.cloudfront.net.
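
An added example, not part of the game or its author's code: a small audit that reads a bucket policy and reports Allow statements that let anyone other than a CloudFront origin access identity read objects, or that let everyone list the bucket. The bucket name, the OAI id and the finding labels are constructed placeholders, and Condition blocks are ignored, so a conditioned grant is still reported.

```python
import json
from fnmatch import fnmatchcase

# Prefix of the principal ARN format shown in the hint's bucket policy.
OAI_PREFIX = "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity "

def as_list(value):
    """Policy fields may hold one item or a list of items."""
    return value if isinstance(value, list) else [value]

def is_public(principal):
    """True for the wildcard principal, written as "*" or {"AWS": "*"}."""
    return principal == "*" or (isinstance(principal, dict)
                                and "*" in as_list(principal.get("AWS", [])))

def is_oai_only(principal):
    """True when every principal is a CloudFront origin access identity."""
    if not isinstance(principal, dict) or set(principal) != {"AWS"}:
        return False
    return all(arn.startswith(OAI_PREFIX) for arn in as_list(principal["AWS"]))

def grants(stmt, action):
    """True when an Action pattern (case-insensitive, with wildcards) covers action."""
    return any(fnmatchcase(action.lower(), pattern.lower())
               for pattern in as_list(stmt.get("Action", [])))

def audit_bucket_policy(policy_json):
    """Return (statement index, finding) pairs for risky Allow statements."""
    findings = []
    statements = as_list(json.loads(policy_json).get("Statement", []))
    for index, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        if grants(stmt, "s3:GetObject") and not is_oai_only(principal):
            findings.append((index, "read-bypasses-cloudfront"))
        if grants(stmt, "s3:ListBucket") and is_public(principal):
            findings.append((index, "public-listing"))
    return findings

# Constructed sample statements; bucket name and OAI id are placeholders.
GET = {"Effect": "Allow", "Principal": {"AWS": OAI_PREFIX + "EXAMPLEID"},
       "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}
LIST = {"Effect": "Allow", "Principal": "*",
        "Action": "s3:ListBucket", "Resource": "arn:aws:s3:::example-bucket"}
WILD = {"Effect": "Allow", "Principal": {"AWS": "*"},
        "Action": ["s3:Get*"], "Resource": "arn:aws:s3:::example-bucket/*"}
RESTRICTED = json.dumps({"Version": "2012-10-17", "Statement": [GET]})
LEAKY = json.dumps({"Version": "2012-10-17", "Statement": [GET, LIST, WILD]})
```

audit_bucket_policy(RESTRICTED) returns an empty list, while LEAKY yields one finding for the public listing statement and one for the wildcard read grant.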




No more hints. :) Get the secret code, and go to
https://s3game-level9-<THE CODE>.s3.us-east-2.amazonaws.com/level9.html