Sourcing from S3 Access Point

I have exposed content via an S3 Access Point. The Access Point means of exposing content is relatively new but is typically the recommended way to ensure that you give only the permissions you intended to a given source. In this case I am publishing a static site to S3, but S3 has zero access rights directly; instead, this Access Point is given read-only rights, but only if you have an appropriate API-Key.

What I can’t seem to figure out is … how do I make sure that Cloudflare is passing along this API-Key in order to ensure it has access. The goal – of course – is to ensure that no one other than Cloudflare can access the S3 Access Point and are instead forced to go through the S3 Access Point.

