I am trying to use an S3 bucket to redirect from one website to another. The redirect from "http://example.com" works, but I can’t get the redirect from "https://example.com", "http://www.example.com" or "https://www.example.com" to work.

I have an S3 bucket called "example.com". I then created a CloudFront distribution, attached the custom SSL certificate, and added "example.com" and "www.example.com" as Alternate Domain Names.

I’m getting this access denied message:
[screenshot of the access denied message]

I’m assuming that I am not doing something correctly on the policy settings for the S3 bucket. Any guidance?

I am using the following bucket policy:
[screenshot of the bucket policy]

I am not currently using the "Access Control List".

2 Answers


  1. For the CloudFront distribution redirection to HTTPS, it is necessary to configure ACM SSL certificates. Provision a certificate exactly for subdomain.example.com and use the same alternate domain name subdomain.example.com; otherwise there would be an SSL handshake error.

    • Select your Origin domain and path
    • In the origin access -> use Origin access control settings (recommended) -> Origin access control -> Create Control Settings -> Copy the bucket policy from this screen and update it to your S3 bucket policy.

    • Follow the behavior settings as follows: specify your Origin and origin groups

  2. Basically, there are 2 approaches to set up CloudFront with S3.

    1. Your S3 bucket is publicly accessible and the CloudFront origin with S3 is public
    • Ensure your S3 bucket does not have Block Public Access enabled
    • Ensure your S3 bucket policy has Public Read Access
    • Ensure you can access your S3 bucket object publicly via your web browser
    • Ensure you have configured your CloudFront origin with S3 using Public mode
    2. Your S3 bucket is private and the CloudFront origin must be configured with access control
    • Ensure your S3 bucket has Block Public Access enabled
    • Ensure your S3 bucket policy has the correct policy added.
    • Ensure you have configured your CloudFront origin with S3 using one of the access control modes, such as OAC

    For testing, you can try the Public approach, but for better security, you can follow the approach from Zeeshan's comment.

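The two approaches in the second answer come down to what the bucket policy grants. The following Python is an added example, not code from either answer: it classifies a bucket policy as public read, as scoped to one CloudFront distribution through OAC, or as a CloudFront grant that is not pinned to a distribution. The bucket name comes from the question; the account ID, distribution ID and label names are constructed placeholders.

```python
import json

READ_ACTIONS = {"s3:getobject", "s3:get*", "s3:*", "*"}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _source_arns(condition):
    """Collect aws:SourceArn values from every condition operator (keys are case-insensitive)."""
    return [arn for operands in condition.values()
            for key, value in operands.items() if key.lower() == "aws:sourcearn"
            for arn in _as_list(value)]

def classify_statement(stmt):
    """Label one statement: public-read, cloudfront-oac, cloudfront-unscoped or other."""
    actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
    if stmt.get("Effect") != "Allow" or not actions & READ_ACTIONS:
        return "other"
    principal = stmt.get("Principal", {})
    condition = stmt.get("Condition", {})
    is_dict = isinstance(principal, dict)
    aws = _as_list(principal.get("AWS", [])) if is_dict else [principal]
    service = _as_list(principal.get("Service", [])) if is_dict else []
    if "*" in aws:
        # Anonymous read; when a Condition is present the exposure depends on it, so it stays "other".
        return "public-read" if not condition else "other"
    if "cloudfront.amazonaws.com" in service:
        arns = _source_arns(condition)
        pinned = bool(arns) and all(a.startswith("arn:aws:cloudfront::") and ":distribution/" in a
                                    and "*" not in a for a in arns)
        return "cloudfront-oac" if pinned else "cloudfront-unscoped"
    return "other"

def classify_policy(policy_json):
    """Return the sorted set of labels found across all statements of a bucket policy."""
    return sorted({classify_statement(s) for s in _as_list(json.loads(policy_json)["Statement"])})

# Constructed sample policies; account ID and distribution ID are placeholders.
RESOURCE = "arn:aws:s3:::example.com/*"
PUBLIC_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject", "Resource": RESOURCE}]})
OAC_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"Service": "cloudfront.amazonaws.com"},
     "Action": "s3:GetObject", "Resource": RESOURCE,
     "Condition": {"StringEquals": {
         "AWS:SourceArn": "arn:aws:cloudfront::111122223333:distribution/EXAMPLEDISTID"}}}]})

if __name__ == "__main__":
    print(classify_policy(PUBLIC_POLICY), classify_policy(OAC_POLICY))
```

A `cloudfront-unscoped` result means the CloudFront service principal is allowed without an `AWS:SourceArn` condition naming a single distribution, so the grant is not limited to your own distribution.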