We are working on setting up a list of domain names we need to have whitelisted for educational institutions who use our site. We are using AWS S3 as well as cloudfront.
In our cloud front, we have multiple cnames set up such as d1.streaming.example.com
and d2.streaming.example.com
each pointing to a different domain name in the cloudfront system so we can track who is using what via domain.
The question is, can we just have the school whitelist *.example.com
(which is our domain) or should we have them also whitelist the *.cloudfront.com
domain as well?