Let me start out with a quick introduction to the architecture of a system I'm considering migrating to S3+CloudFront.
We have a number of entities ordered in a tree.
Assets in the same bucket can have different privacy policies. So you can have public and private assets in the same bucket.
At upload time, just set the privacy setting.
Then just sign the URL to access the private assets.