1 Antwort
- Neueste
- Die meisten Stimmen
- Die meisten Kommentare
0
Can you make sure that S3 bucket is not SSE-KMS CMK encrypted.
Did you take a look at this blog post. This explains step by step process for how to "Enable SSE-KMS for CloudFront OAC".
Refer Enable SSE-KMS for CloudFront OAC section in above mentioned blog post, which explains how to update the KMS key policy for cloudfront distribution.
Check S3 bucket properties to find which KMS key is being used.
- Make sure you update the KMS key policy used in S3 encryption to allow the CloudFront service principal arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity to call kms:Decrypt on the key.
- KMS Key and S3 bucket are in same region
Hope this helps.
Comment here if you have additional questions, happy to help.
Abhishek
Relevanter Inhalt
- AWS OFFICIALAktualisiert vor 2 Jahren
- AWS OFFICIALAktualisiert vor einem Jahr
- AWS OFFICIALAktualisiert vor einem Jahr
- AWS OFFICIALAktualisiert vor einem Jahr