OAC not working as Expected

Question

My OAC for the bucket.

{
	"Version": "2012-10-17",
	"Statement": [
		{
			"Sid": "AllowCloudFrontServicePrincipalReadOnly",
			"Effect": "Allow",
			"Principal": {
				"Service": "cloudfront.amazonaws.com"
			},
			"Action": "s3:GetObject",
			"Resource": "arn:aws:s3:::/*",
			"Condition": {
				"StringEquals": {
					"AWS:SourceArn": "arn:aws:cloudfront:::distribution/"
				}
			}
		}
	]
}

Accepted Answer

Hello.

Your S3 bucket policy appears to be correct based on the bucket policy described in this document.  
Have you configured all OAC settings using the configuration steps provided in the document below?  
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html

Answer

I've stepped away for a couple of months and needed a reminder, my retention curve is a little steeper than I would like. Thanks. I was using a website endpoint, so splitting the data and website and configuring two CloudFronts was an easy fix.

OAC not working as Expected

相關內容