Durch die Nutzung von AWS re:Post stimmt du den AWS re:Post Nutzungsbedingungen
AWS re:Postre:Post

Is it correct that the original domain doesn't use OAI on the cloud front?

0

I connected s3 and cloudfront using oai.

So, since I connected using oai, I couldn't access the s3 domain using the original domain.

In my opinion, the distribution domain is accessed using oai and the original domain, and the original domain seems to be a rest api to access the s3 domain.

I wonder if my thinking is correct.

Themen
SpeicherVernetzung & Bereitstellung von Inhalten
Tags
Amazon Simple Storage ServiceAmazon CloudFront
Sprache
English
joker
gefragt vor 2 Jahren214 Aufrufe
1 Antwort
0
Akzeptierte Antwort

The bucket policy determines the access to your bucket. By setting it up for OAI access you're effectively denying any other web-based access to the bucket. You can (if you like) add an Allow statement but that kind of defeats the purpose of using OAI which is to restrict access to the bucket only to CloudFront.

profile pictureAWS
EXPERTE
Brettski-AWS
beantwortet vor 2 Jahren
  • joker
    vor 2 Jahren

    I know the oai settings on s3. In cloudfront, the distribution domain uses oai and the origin domain, The original domain is only the rest api of s3, so I want to check if it is normal to not be able to connect if oai is set.

  • Brettski-AWS EXPERTE
    vor 2 Jahren

    By default, if you have an "Allow" in your bucket policy for the OAI access and nothing else then there is an implicit deny in place. It will be completely normal for all other access to the bucket to be denied. More information in this blog post.

Du bist nicht angemeldet. Anmelden um eine Antwort zu veröffentlichen.

Eine gute Antwort beantwortet die Frage klar, gibt konstruktives Feedback und fördert die berufliche Weiterentwicklung des Fragenstellers.

Richtlinien für die Beantwortung von Fragen

Relevanter Inhalt