first you will need to create users on your AWS account, next you assign roles to these users, given them access to AWS services such as s3. Then you create Identity access for theses roles and relax yourself. AWS does the rest. you dont need to bother about cloudfront APIs. if you do what is needed as outlined here, problem would be solved.
