Go to My Security Credentials in AWS Management Console

At the prompt click Continue to Security Credentials

Click on Users and then Add Users

Give a meaningful name to the user and allow only Programmatic access

Click Attach existing policies directly & filter CloudFront. Assign CloudFrontFullAccess policy

Ignore the tags option & click Review

Review the new user creation & click Create User

Copy the Access key ID & Secret access key, by clicking the download .csv button or manually copying them & then click close.

Note

If you wish to use a custom domain name on your cloudfront distribution, you may need to add the AWSCertificateManagerFullAccess permission too