Why will CloudFront only open my www. website, which is my subdomain, and not my domain name? E.g. example.com

0

I am developing a static website and I have 2 S3 buckets, 1 domain and the other a subdomain, which were created through Route 53. It's all up and running, however if I put in www.example.com the website comes up but I get a 403 error when I do the same for example.com.

Also why can't CloudFront see the images? I get access denied.

These aren't my domain names; I have my own. Thanks

4 Answers
0

Hi Gary, Sorry, newbie here. What isn't required? I currently have my origin domain pointing to example.com with redirect to HTTPS, and I've updated the root domain bucket policy but I still get a 403.

Sarah
answered 4 months ago
  • Hey Sarah, Can you share the bucket policy, omitting/masking any sensitive information? Also the SSL config on your CF distro.

  • Public access to S3 isn't required if you're using OAC.

0

Hey Gary, I found a website in which you could turn off block all access as it was going through cloudfront as I don't want people gaining access to my bucket objects, mainly the pictures.

So I have re-enabled block public access, added both domain names into the alternative domain name. However adding both into the domain name now stops the www.website from working. I get 403 ERROR The request could not be satisfied for both, but they do have https in front of them, so I know that bit is working.

Both my DNS records point to the CloudFront distribution and my root object is set to index.html.

I do have a WAF in front, do you think that could be causing an issue?

Sarah
answered 4 months ago
0

Hi Gary, so this is my bucket policy currently on my domain bucket. It doesn't have static website hosting enabled either, so only objects can be public. Block public access set to OFF.

    {
      "Version": "2008-10-17",
      "Id": "PolicyForCloudFrontPrivateContent",
      "Statement": [
        {
          "Sid": "AllowCloudFrontServicePrincipal",
          "Effect": "Allow",
          "Principal": { "Service": "cloudfront.amazonaws.com" },
          "Action": "s3:GetObject",
          "Resource": "arn:aws:s3:::domain bucket/*",
          "Condition": {
            "StringEquals": {
              "AWS:SourceArn": "arn:aws:cloudfront::"

My CF origin name is my S3 bucket website endpoint, origin name is set to my domain name with HTTPS only set. On the Behavior screen my origin is set to the bucket website endpoint, protocol set to redirect to HTTPS.

Sarah
answered 4 months ago
0

Hey Sarah,

There seems to be some misconfiguration here.

Block public access is off but you have no policy allowing public access and static website hosting is not enabled. So you can re-enable block public access as the policy on your bucket is OAC for CloudFront.

Have you added both domain names to the alternative domain name configuration in your CloudFront configuration?

Do your DNS records point to the CloudFront distribution as aliases?

Do you have a root object configuration in your CloudFront configuration?

EXPERT
answered 4 months ago
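
The checklist in the answer above, written as an offline check over constructed data shaped like a CloudFront distribution config, an S3 bucket policy and a public access block configuration (an added example, not code from the thread). The `audit` and `oac_only` functions, the finding names and the sample IDs are hypothetical; the website-endpoint check is an addition, based on CloudFront treating S3 website endpoints as custom origins, which OAC does not cover.

```python
import re

# S3 website endpoints look like <bucket>.s3-website-<region>.amazonaws.com (or ".s3-website.<region>")
WEBSITE_ENDPOINT = re.compile(r"\.s3-website[.-][a-z0-9-]+\.amazonaws\.com$")

def oac_only(policy):
    """True when every Allow statement names only the CloudFront service principal."""
    allows = [s for s in policy.get("Statement", []) if s.get("Effect") == "Allow"]
    return bool(allows) and all(
        isinstance(s.get("Principal"), dict)
        and s["Principal"].get("Service") == "cloudfront.amazonaws.com"
        for s in allows)

def audit(dist, policy, public_access_block, hostnames):
    """Return findings for the checklist items; an empty list means all checks passed."""
    findings = []
    aliases = set(dist.get("Aliases", {}).get("Items", []))
    findings += [f"alias-missing:{h}" for h in hostnames if h not in aliases]
    if not dist.get("DefaultRootObject"):
        findings.append("no-default-root-object")
    for origin in dist.get("Origins", {}).get("Items", []):
        # OAC applies to the S3 REST endpoint; a website endpoint is a custom origin
        if oac_only(policy) and WEBSITE_ENDPOINT.search(origin["DomainName"]):
            findings.append(f"oac-policy-with-website-endpoint:{origin['Id']}")
    if oac_only(policy) and not all(public_access_block.values()):
        findings.append("block-public-access-can-be-enabled")
    return findings

# Constructed sample data (placeholder account and distribution IDs, not from the thread)
DIST = {
    "Aliases": {"Quantity": 1, "Items": ["www.example.com"]},
    "DefaultRootObject": "index.html",
    "Origins": {"Quantity": 1, "Items": [
        {"Id": "site", "DomainName": "example.com.s3-website-us-east-1.amazonaws.com"}]},
}
POLICY = {"Version": "2008-10-17", "Statement": [{
    "Sid": "AllowCloudFrontServicePrincipal", "Effect": "Allow",
    "Principal": {"Service": "cloudfront.amazonaws.com"},
    "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example.com/*",
    "Condition": {"StringEquals": {
        "AWS:SourceArn": "arn:aws:cloudfront::111122223333:distribution/EXAMPLEID"}}}]}
PAB = {"BlockPublicAcls": False, "IgnorePublicAcls": False,
       "BlockPublicPolicy": False, "RestrictPublicBuckets": False}

if __name__ == "__main__":
    for finding in audit(DIST, POLICY, PAB, ["example.com", "www.example.com"]):
        print(finding)
```

With live data, the three inputs correspond to the output of `aws cloudfront get-distribution-config`, `aws s3api get-bucket-policy` and `aws s3api get-public-access-block`.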
