AWS re:Post을(를) 사용하면 다음에 동의하게 됩니다. AWS re:Post 이용 약관
AWS re:Postre:Post

Can't acces Cloudfront distribution + S3 bucket from custom domain

0

Hi, I've been learning terraform, and created a S3 bucket hosting a nuxt app and a cloudfront distribution pointing to said bucket. This setup is working perfectly when accessing the bucket via the Distrib url, however I want to use a custom subdomain from a domain name I own (I'm using OVH for the domain). I've set up the DNS record like so: [xxxx.yyyy.fr] CNAME [Distrib URL]. I also created an ACM certificate pointing to said subdomain, had it validated using DNS entries, and added it to the distrib. I have the custom subdomain set up in the cloudfront Alternate Domain Names.

To note: I have set up both the certificate and alternate domain name as "xxxx.yyyy.fr" and not "*.xxxx.yyyy.fr", I don't know if that could be the issue.

Whenever I visit the subdomain, I'm getting a "This site can't be reached", "DNS_PROBE_FINISHED_NXDOMAIN". I've also checked the CNAME record propagation, and it seems to be configured properly.

I've set up the bucket Policy like so:

{
    "Version": "2008-10-17",
    "Id": "Policy",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::[REDACTED BUCKET NAME]/*"
        }
    ]
}

Here are the S3 CORS policy

[
    {
        "AllowedHeaders": [
            "*"
        ],
        "AllowedMethods": [
            "POST",
            "GET",
            "HEAD",
            "DELETE",
            "PUT"
        ],
        "AllowedOrigins": [
            "*"
        ],
        "ExposeHeaders": [],
        "MaxAgeSeconds": 0
    }
]

Any ideas as to why I can use the distrib's url but not my custom subdomain ? Thanks.

주제
스토리지네트워킹 및 콘텐츠 전송
태그
아마존 심플 스토리지 서비스아마존 CloudFront테라폼
언어
English
Kevin-DDR
질문됨 3달 전132회 조회
2개 답변
0

It sounds like you've set up the S3 bucket as a website (I get that from the CORS settings). You don't need to do this with CloudFront. Using Origin Access Control (OAC) you can set up S3 so that only the CloudFront distribution that you own can access it; and the S3 bucket can be set to "private" (ii.e. no public access). Then (because the S3 bucket isn't set up to be a website) you don't need to configure CORS. When you configure the OAC identity it will tell you what the bucket policy needs to be.

For more information: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html

profile pictureAWS
전문가
Brettski-AWS
답변함 3달 전
  • Klod
    2달 전

    Hello and thank you for your reply! If I already have a S3 bucket configured as static website can I still use it and disable static hosting, or do I need to create a brand new bucket? Thanks

  • Brettski-AWS 전문가
    2달 전

    You can just disable static hosting.

0

The error message indicates a DNS problem.

You mention that you used the distribution URL for the value in the CNAME record - this should be a domain name, not a URL. Review the documentation for setting this up and testing it.

AWS
전문가
Paul_L
답변함 3달 전
profile picture
전문가
Gary Mclean
검토됨 3달 전

로그인하지 않았습니다. 로그인해야 답변을 게시할 수 있습니다.

좋은 답변은 질문에 명확하게 답하고 건설적인 피드백을 제공하며 질문자의 전문적인 성장을 장려합니다.

질문 답변하기에 대한 가이드라인

관련 콘텐츠