Tags: amazon-web-services, amazon-s3, aws-lambda, amazon-cloudfront, aws-lambda-edge

Restrict AWS CloudFront requests to specific URLs


I have set up AWS CloudFront to serve files from S3.

My S3 bucket objects are successfully being served via CloudFront on a subdomain, https://files.example.com

The files are publicly accessible and have paths like https://files.example.com/my-document.pdf

Is there a way to restrict access to the CloudFront endpoints so that if the request is from a specific page, https://www.example.com/gated-page, the user is successfully directed to https://files.example.com/my-document.pdf, but if the file URL is manually entered into the search bar, or if a link to it is on another page, the user gets redirected or blocked?


Solution

  • You could look into signed links. It is another way to limit access to links through CloudFront that could work depending on your exact use case.

    Another option would be to create a CloudFront function that inspects the Referer header and responds with a 403 error or a redirect if the header doesn't match.

    And like someone wrote in a comment, you could use the AWS Web Application Firewall. That would probably be the most expensive option if you are not already using it.
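
One way to write the Referer check the answer describes, as a CloudFront Function attached to the viewer-request event. This is an added example, not code from the original answer; `ALLOWED_REFERER`, `REDIRECT_TO` and the helper names are assumptions based on the URLs in the question.

```javascript
// Added example: CloudFront Function for the viewer-request event.
// ALLOWED_REFERER and REDIRECT_TO are assumed values taken from the question.
var ALLOWED_REFERER = 'https://www.example.com/gated-page';
var REDIRECT_TO = ''; // set to a URL to answer with a 302 instead of a 403

// Drop query string and fragment so "?utm=..." on the gated page still matches,
// and treat ".../gated-page/" and ".../gated-page" as the same page.
function normalizeReferer(value) {
    var cut = value.search(/[?#]/);
    var base = cut === -1 ? value : value.substring(0, cut);
    return base.replace(/\/+$/, '');
}

function isAllowed(headers) {
    var referer = headers.referer; // CloudFront lowercases header names
    if (!referer || !referer.value) {
        return false; // typed URL, bookmark, or referrer stripped by the client
    }
    // Exact match, not a prefix test: a prefix test would also accept
    // ".../gated-page-copy" or "https://www.example.com.other.test/...".
    return normalizeReferer(referer.value) === ALLOWED_REFERER;
}

function handler(event) {
    var request = event.request;
    if (isAllowed(request.headers)) {
        return request; // pass the request through to the S3 origin
    }
    if (REDIRECT_TO) {
        return {
            statusCode: 302,
            statusDescription: 'Found',
            headers: { location: { value: REDIRECT_TO } }
        };
    }
    return {
        statusCode: 403,
        statusDescription: 'Forbidden',
        headers: { 'cache-control': { value: 'no-store' } }
    };
}
```

Browsers default to `strict-origin-when-cross-origin`, so a link from www.example.com to files.example.com sends only `https://www.example.com/` unless the gated page sets a Referrer-Policy that includes the path; without that, this exact-page check blocks every request. The Referer header is supplied by the client, so this check only discourages casual linking, while signed links are what actually enforce access.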