- Newest
- Most votes
- Most comments
Hi Gary, Sorry newbie here. What isn't required? I Currently have my origin domain pointing to example.com with redirect to https, and i've updated the root domain bucket policy but I still get a 403
Hey Gary, I found a website in which you could turn off block all access as it was going through cloudfront as I don't want people gaining access to my bucket objects, mainly the pictures.
So I have re-enabled block public access, added both domain names into the alternative domain name. However adding both into the domain name now stops the www.website from working. I get 403 ERROR The request could not be satisfied for both, but they do have https in front of them, so I know that bit is working.
Both my DNS records point to the cloudfront distribution and my root object to set to index.html.
I do have a WAF in front, do you think that could be causing an issue?
also doing www.example.co.uk/index.html doesn't work either I get a 403 error
Hi Gary, so this is my bucket policy currently on my domain bucket. It doesn't have static website hosting enabled either, so only objects can be public Block public access set to OFF. { "Version": "2008-10-17", "Id": "PolicyForCloudFrontPrivateContent", "Statement": [ { "Sid": "AllowCloudFrontServicePrincipal", "Effect": "Allow", "Principal": { "Service": "cloudfront.amazonaws.com" }, "Action": "s3:GetObject", "Resource": "arn:aws:s3:::domain bucket/*", "Condition": { "StringEquals": { "AWS:SourceArn": "arn:aws:cloudfront::"
My cf origin name is my s3 bucket website endpoint, origin name is set to my domain name with HTTPS only set. Behavior screen my origin is set to the bucket website endpoint, protocol set to redirect to HTTPS
Hey Sarah,
There seems to be some miss configuration here.
Block public access is off but you have no policy allowing public access and static website hosting is not enabled. So you can re-enable block public access as the policy on your bucket is OAC for cloudfront.
Have you added both domain names to the alternative domain name configuration to your cloudfront configuration?
Do your dns records point to the cloudfront distribution as aliases?
Do you have a root object configuration in your cloudfront configuration?
Relevant content
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 2 years ago
Hey Sarah, Can you share bucket policy omitting/masking any sensitive information. Also ssl config on your CF distro
Public access to S3 isnt required if your using OAC..