You can now use AWS Identity and Access Management (IAM) to regulate access to the Amazon CloudFront APIs.For example, you could easily create three separate IAM groups with names and permissions as follows:
Group CloudFrontManagement - Access to all CloudFront APIs.
Group Publisher - Access to the CreateDistribution, GetDistribution, UpdateDistribution, and GetDistributionConfig APIs.
Group StreamingPublisher - Access to the CreateStreamingDistribution, GetStreamingDistribution, UpdateStreamingDistribution, and GetStreamingDistributionConfig APIs.
A number of third-party tools and toolkits are also providing support for this new feature. Here's what I know about:
The newest version of Bucket Explorer supports IAM.
Support is expected momentarily in Boto.
Like many teams at Amazon, the CloudFront team is now hiring!