Check S3 Bucket Policy:
Ensure that your S3 bucket has a bucket policy that allows access to CloudFront. Here's a sample bucket policy for S3 that allows CloudFront access:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "cloudfront.amazonaws.com"
      },
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::your-bucket-name/*",
      "Condition": {
        "StringEquals": {
          "AWS:SourceArn": "arn:aws:cloudfront::your-account-id:distribution/your-distribution-id"
        }
      }
    }
  ]
}
```
CloudFront Distribution Settings:
Make sure that in your CloudFront distribution settings, you have configured the origin to use the S3 bucket correctly. Ensure that Origin Access Control (OAC) or Origin Access Identity (OAI) is enabled so CloudFront can access the S3 bucket. OAC is the more modern approach to secure communication between CloudFront and S3.
Hello.
The Access Denied error when using CloudFront with an S3 bucket usually indicates a permissions issue, either with the S3 bucket policy or the object permissions. If you follow the steps below, you can easily resolve it.
Step 1 Attach OAI to CloudFront
- Go to CloudFront - Select Distribution - Origins.
- Select your S3 origin - Edit.
- Set Restrict Bucket Access to Yes and choose Create New OAI - Save.
Step 2 Update S3 Bucket Policy
- Go to S3 - Bucket - Permissions - Bucket Policy.
- Add this policy, replacing your-bucket-name and YOUR_OAI_ID.
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity YOUR_OAI_ID"
      },
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::your-bucket-name/*"
    }
  ]
}
```
If you need more information, please go through the documentation.
https://repost.aws/knowledge-center/s3-website-cloudfront-error-403
https://medium.com/@linglijunmail/aws-cloudfront-s3-resolving-access-denied-6aab3f029fb1
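As an added example (not code from either answer or from AWS), the sketch below inspects a bucket policy and reports which of the two grant styles shown above it contains, flagging an OAC-style statement that lacks the `AWS:SourceArn` condition and is therefore not restricted to one distribution. The names `cloudfront_grants`, `as_list` and `sample_policy` are hypothetical, the sample policies are constructed from the placeholders in the answers, and the check is deliberately simplified: it matches the `Resource` ARN exactly and does not evaluate Deny statements.

```python
import json

OAI_PREFIX = "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity "
READ_ACTIONS = {"s3:GetObject", "s3:*", "*"}
SCOPING_OPS = {"stringequals", "arnequals"}

def as_list(value):
    """Policy JSON allows a single value or a list in most positions."""
    return [] if value is None else value if isinstance(value, list) else [value]

def cloudfront_grants(policy_text, bucket):
    """Return (kind, detail) for each Allow statement letting CloudFront read objects."""
    findings = []
    object_arn = f"arn:aws:s3:::{bucket}/*"
    for stmt in as_list(json.loads(policy_text).get("Statement")):
        principal = stmt.get("Principal")
        if (stmt.get("Effect") != "Allow" or not isinstance(principal, dict)
                or not READ_ACTIONS & set(as_list(stmt.get("Action")))
                or object_arn not in as_list(stmt.get("Resource"))):
            continue
        if "cloudfront.amazonaws.com" in as_list(principal.get("Service")):
            # OAC style: operator and key names are compared case-insensitively.
            arns = [arn for op, keys in stmt.get("Condition", {}).items()
                    if op.lower() in SCOPING_OPS
                    for key, val in keys.items() if key.lower() == "aws:sourcearn"
                    for arn in as_list(val)]
            findings.append(("OAC", arns[0]) if arns
                            else ("OAC-UNSCOPED", "no AWS:SourceArn condition"))
        for arn in as_list(principal.get("AWS")):
            if arn.startswith(OAI_PREFIX):  # OAI style: special CloudFront principal
                findings.append(("OAI", arn[len(OAI_PREFIX):]))
    return findings

def sample_policy(principal, condition=None):
    """Constructed sample policy with placeholder names, mirroring the answers above."""
    stmt = {"Effect": "Allow", "Principal": principal, "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::your-bucket-name/*"}
    if condition:
        stmt["Condition"] = condition
    return json.dumps({"Version": "2012-10-17", "Statement": [stmt]})

DIST_ARN = "arn:aws:cloudfront::your-account-id:distribution/your-distribution-id"
OAC = sample_policy({"Service": "cloudfront.amazonaws.com"},
                    {"StringEquals": {"AWS:SourceArn": DIST_ARN}})
OAC_LOOSE = sample_policy({"Service": "cloudfront.amazonaws.com"})
OAI = sample_policy({"AWS": OAI_PREFIX + "YOUR_OAI_ID"})

if __name__ == "__main__":
    for name, text in (("OAC", OAC), ("OAC_LOOSE", OAC_LOOSE), ("OAI", OAI)):
        print(name, cloudfront_grants(text, "your-bucket-name"))
```

An empty result for the bucket in question means neither grant style is present, which is consistent with the 403 Access Denied symptom discussed here.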
Thank you!