21/6/2016
How to return a 404 response code for CloudFront requests (S3 origin) of a non-existent S3 object
If you are here, you already know that you get a 403 response code (unauthorized) for this scenario. I don’t want you to get drowned in the sea of confusing Amazon documentation. Below is how you can do it.
Open the AWS Management Console, go to your bucket, and click the Properties tab.

Now under “Permissions” click “Edit bucket policy”.

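Your policy should look something like the one below. If you don’t have one, add a new one. S3 answers a request for a missing object with 403 unless the caller also holds s3:ListBucket on the bucket, which is what the second statement grants. Please note that this policy is used to access private content (via CloudFront) on S3, but it probably will work for public content as well.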
{
    "Version": "2008-10-17",
    "Id": "PolicyForCloudFrontPrivateContent",
    "Statement": [
        {
            "Sid": "1",
            "Effect": "Allow",
            "Principal": {
                "AWS": "Enter your CloudFront Origin Access Identity here"
            },
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::my_bucket_name/*"
        },
        {
            "Sid": "2",
            "Effect": "Allow",
            "Principal": {
                "AWS": "Enter your CloudFront Origin Access Identity here"
            },
            "Action": "s3:ListBucket",
            "Resource": "arn:aws:s3:::my_bucket_name"
        }
    ]
}
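An added example, not part of the original post: a small Python check that each Allow statement pairs its action with the right kind of resource ARN, since s3:ListBucket applies to the bucket ARN and s3:GetObject to object ARNs. The helper names, the `EXAMPLEID` principal and the sample policies are constructed for illustration.

```python
import json

# Which kind of ARN each action on this page applies to.
ACTION_SCOPE = {"s3:GetObject": "object", "s3:ListBucket": "bucket"}
# Placeholder principal (constructed); substitute your own OAI.
OAI = "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity EXAMPLEID"

def as_list(value):
    return value if isinstance(value, list) else [value]

def resource_scope(arn):
    # arn:aws:s3:::bucket is a bucket; arn:aws:s3:::bucket/... is an object.
    return "object" if "/" in arn.split(":::", 1)[-1] else "bucket"

def is_public(principal):
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in as_list(principal.get("AWS", []))

def check_policy(policy):
    """Return a list of findings; an empty list means the pairing is sound."""
    findings = []
    for stmt in as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        sid, resources = stmt.get("Sid", "?"), as_list(stmt.get("Resource", []))
        for action in as_list(stmt.get("Action", [])):
            scope = ACTION_SCOPE.get(action)
            if scope and not any(resource_scope(r) == scope for r in resources):
                findings.append(f"Sid {sid}: {action} needs a {scope} ARN")
            if action == "s3:ListBucket" and is_public(stmt.get("Principal")):
                findings.append(f"Sid {sid}: s3:ListBucket open to everyone")
    return findings

def make_policy(list_resource):
    # Constructed sample: same two statements, ListBucket resource varies.
    return {"Version": "2008-10-17", "Statement": [
        {"Sid": "1", "Effect": "Allow", "Principal": {"AWS": OAI},
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::my_bucket_name/*"},
        {"Sid": "2", "Effect": "Allow", "Principal": {"AWS": OAI},
         "Action": "s3:ListBucket", "Resource": list_resource}]}

if __name__ == "__main__":
    for arn in ("arn:aws:s3:::my_bucket_name/*", "arn:aws:s3:::my_bucket_name"):
        print(arn, "->", json.dumps(check_policy(make_policy(arn))))
```

Because s3:ListBucket lets the Origin Access Identity enumerate keys, set a default root object on the distribution so a request for the distribution root does not return the bucket listing.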