Purpose

Restrict access to data distributed via Internet, it is important to restrict access to documents, business data, media streams, or content intended for the legitimate users. You can use CloudFront private distributions to restrict access to data in Amazon S3 buckets.

How to Restrict access to these private content ?

By using signed URL one can restrict access to these private contents. Signing a URL is the process of creating an RSA digital signature using an RSA key and a policy statement. AWS provides a public-key and private-key(called as key-pair) to its users. AWS keeps the public key, and you keep the private key and use it to sign the URLs.

[Read further on restricting access to private content][1]

[Details on Using a Signed URL to Serve Private Content][2]

[Rails Gem for signing urls][3]
[1]: http://docs.amazonwebservices.com/AmazonCloudFront/latest/DeveloperGuide/RestrictingAccessPrivateContent.html
[2]: http://docs.amazonwebservices.com/AmazonCloudFront/latest/DeveloperGuide/PrivateContent.html?r=683
[3]: https://github.com/stlondemand/aws_cf_signer