[Cloudfront]The Request are failing with error code 403 after enabling ALL_viewer origin request policy

Question

We have configured AWS Cloudfront with custom Origin to forward our request to API gateway .As by default QueryStrings are not forwarded to origin . to accommodate new requirement of application , we need to forward QueryStrings to custom origin. But when we enable Origin request policy to forward QueryStrings to Origin(we are using AWS managed "AllViewer" policy for origin request policy ). Once enabled all call to API gateway started failing with error code 403.

Note:- We don't want to cache request for this custom origin.( but it also failing with caching enabled for Querystring)

Note:- We don't want to cache  request for this custom origin.( but it also failing with caching enabled for Querystring)

Answer

This is likely due to the fact that the AllViewer policy also include all request headers. This means that the incoming host header is also being forwarded to the origin. My guess is API Gateway is looking for a different host header than the incoming host header that is being forwarded. The easiest way to resolve this is to use a new custom origin request policy that has query strings set to All, but headers set to none (or only forwarded the appropriate headers that you do need).

[Cloudfront]The Request are failing with error code 403 after enabling ALL_viewer origin request policy

관련 콘텐츠