I want to restrict bucket access to certain IPs. I know how to create a bucket policy from Restricting Access to Specific IP Addresses.
My question: Can this work with CloudFront? How? Can I allow only certain IPs to access CloudFront?
Web Application Firewall is your friend.
http://docs.aws.amazon.com/waf/latest/developerguide/web-acl-ip-conditions.html
Create your rule with your IP Addresses and rest "WAF" will take care.
You need to apply this to the required CloudFront Distribution.
You can restrict your bucket policies to CloudFront and restrict to your required IP's through CloudFront.