Go to My Security Credentials in AWS Management Console
At the prompt click Continue to Security Credentials
Click on Users and then Add Users
Give a meaningful name to the user and allow only Programmatic access
Click Attach existing policies directly & filter for CloudFront, then assign the CloudFrontFullAccess policy
Ignore the tags option & click Review
Review the new user creation & click Create User
Copy the Access key ID & Secret access key, either by clicking the download .csv button or by copying them manually, & then click Close
If you wish to use a custom domain name on your CloudFront distribution, you may need to add the AWSCertificateManagerFullAccess permission too
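
To confirm that the user ended up the way these steps describe, the check below reads the JSON printed by `aws iam list-attached-user-policies`, `aws iam list-access-keys` and `aws iam get-login-profile`. It is an added example, not part of the original steps; the user name `cf-deploy`, the access key IDs and the sample output are constructed for illustration.

```python
import json

CLOUDFRONT = "arn:aws:iam::aws:policy/CloudFrontFullAccess"
ACM = "arn:aws:iam::aws:policy/AWSCertificateManagerFullAccess"  # custom domains only
ALLOWED = {CLOUDFRONT, ACM}


def audit_user(attached_json, keys_json, login_profile_json=None):
    """Return findings for one IAM user; an empty list means it matches the steps."""
    findings = []
    arns = {p["PolicyArn"] for p in json.loads(attached_json)["AttachedPolicies"]}
    if CLOUDFRONT not in arns:
        findings.append("CloudFrontFullAccess is not attached")
    for arn in sorted(arns - ALLOWED):
        findings.append(f"unexpected managed policy: {arn}")
    # get-login-profile only returns a LoginProfile when a console password exists.
    if login_profile_json and "LoginProfile" in json.loads(login_profile_json):
        findings.append("console password is set; access should be programmatic only")
    keys = json.loads(keys_json)["AccessKeyMetadata"]
    active = [k["AccessKeyId"] for k in keys if k["Status"] == "Active"]
    if len(active) > 1:
        findings.append(f"{len(active)} active access keys; the steps create one")
    return findings


# Constructed sample output (hypothetical user and key IDs, not from a real account).
GOOD_POLICIES = json.dumps({"AttachedPolicies": [
    {"PolicyName": "CloudFrontFullAccess", "PolicyArn": CLOUDFRONT}]})
GOOD_KEYS = json.dumps({"AccessKeyMetadata": [
    {"UserName": "cf-deploy", "AccessKeyId": "AKIAEXAMPLEKEY000001", "Status": "Active"}]})
BAD_POLICIES = json.dumps({"AttachedPolicies": [
    {"PolicyName": "AdministratorAccess",
     "PolicyArn": "arn:aws:iam::aws:policy/AdministratorAccess"}]})
BAD_KEYS = json.dumps({"AccessKeyMetadata": [
    {"UserName": "cf-deploy", "AccessKeyId": "AKIAEXAMPLEKEY000001", "Status": "Active"},
    {"UserName": "cf-deploy", "AccessKeyId": "AKIAEXAMPLEKEY000002", "Status": "Active"}]})
BAD_LOGIN = json.dumps({"LoginProfile": {"UserName": "cf-deploy"}})

if __name__ == "__main__":
    print("as described:", audit_user(GOOD_POLICIES, GOOD_KEYS))
    for finding in audit_user(BAD_POLICIES, BAD_KEYS, BAD_LOGIN):
        print("FINDING:", finding)
```

The check covers managed policies attached directly to the user only; inline policies and group memberships need their own listing.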