Access Denied Accessing Cloudfront Distribution Signed URL From Node JS

0

Hi all, So I'm getting error 'Access Denied' from a Cloudfront Signed URL linked into S3 Bucket generated by my Node JS Server. I have added full access for the S3 Bucket & Cloudfront to the IAM Users that my Node JS uses as its credential. I Also have created a key pair to use.

Enter image description here Enter image description here Enter image description here Enter image description here Signing URL using cloufront signer from NODE JS

Can anyone help? I'm new to AWS. Thank you!

1 Answer
0

Hi,

Hope you are doing well!

From your post, I understand that you have configured CloudFront distribution with S3 bucket as origin to restrict viewer access and are using your NodeJS application to generate the signed URL to access the same.

Looking at the error screenshot that you have shared on the post, we can see that the response contains “RequestId” and “HostId”. This means that the HTTP 403 access denied error has been generated by your S3 bucket. Please note that both of these are S3 response headers and are only generated by S3 after it receives the request, validating that that the HTTP 403 access denied error has been generated by your S3 bucket. Since the error has been generated by the S3 bucket, we can say that the CloudFront signing mechanism that you have implemented is working as expected.

Now, looking at the snippet of S3 bucket policy that you have shared indicates that you have configured CloudFront origin access control (OAC). Hence, to troubleshoot this error, I would recommend you to check the following:

  1. Ensure that CloudFront OAC and its respective bucket policy is configured correctly
  2. Ensure that the object is owned by the same AWS account as the bucket owning account.
  3. Ensure that the object that you are trying to access exists in the S3 bucket configured as the origin.

You can refer to the following documents to get more information on troubleshooting HTTP 403 error on S3:

Troubleshoot Access Denied (403 Forbidden) errors in Amazon S3 - https://docs.aws.amazon.com/AmazonS3/latest/userguide/troubleshoot-403-errors.html

Restrict access to an Amazon Simple Storage Service origin - https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html

Access Denied error with CloudFront and S3 - https://repost.aws/knowledge-center/s3-rest-api-cloudfront-error-403

Checking the above points and following the listed documents should help you overcome the problem that you have been facing. However, if you are still facing access denied error, we would require additional details that are non-public information to troubleshoot this problem. Please open a support case with AWS using the following link: https://console.aws.amazon.com/support/home#/case/create

Have a great day ahead

AWS
SUPPORT ENGINEER
answered 3 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions