Hosting HTTPS website using S3, ACM and CloudFront

0

I am trying to host a website using S3, ACM, CloudFront and Route53. I am getting access denied when trying to access it. I have done the following steps based on various AWS documentation, AWS blog posts and re:Post, but nothing helped. Here are the steps:

1/ Created 2 S3 buckets - example.com and www.example.com. Root bucket is redirecting to www and www bucket has the index.html.
2/ Requested for ACM and added both the domains to it. Added the corresponding CNAMEs to hosted zone. Certificate is issued.
3/ Created 2 CloudFront distributions, one for www.example.com and one for example.com.
4/ www.example.com config - selected OAC for origin access, updated the www.example.com bucket policy, redirect http to https, attached the certificate.
5/ Added A record for both the distributions in hosted zone.

Did I miss anything?

  • I have tried making the www.example.com bucket public and its object public (which is not needed in case of CloudFront) but still got the same error.
  • My S3 buckets are SSE-S3 encrypted.
  • Using Static website endpoints
  • no explicit deny bucket policy
  • Bucket and object owned by same account
3 Answers
0
Accepted Answer
  1. Have you added the Alternative Domain names for your domain to CloudFront's configuration?
  2. Have you added access from CloudFront to the bucket policy?

After Discussion

Your public S3 bucket is not used in this configuration and can be disabled.

Update your Root object on the distro to be index.html https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/DefaultRootObject.html

To perform a redirect you would need to use a Lambda@Edge as you're using native S3 origin https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/example-function-redirect-url.html

EXPERT
answered 4 months ago
EXPERT
reviewed 4 months ago
  • If you could accept this answer under me.. thanks

  • Thank you very much Niharika

0
  1. Yes, I have added CNAME to the cloudfront distribution
  2. While creating the distribution and Origin access control settings, I copied the policy from OAC to the bucket. Here is the copy of the policy:

    {
        "Version": "2012-10-17",
        "Statement": {
            "Sid": "AllowCloudFrontServicePrincipalReadOnly",
            "Effect": "Allow",
            "Principal": {
                "Service": "cloudfront.amazonaws.com"
            },
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::<S3 bucket name>/*",
            "Condition": {
                "StringEquals": {
                    "AWS:SourceArn": "arn:aws:cloudfront::<AWS account ID>:distribution/<CloudFront distribution ID>"
                }
            }
        }
    }

answered 4 months ago
0

One additional piece of information, not sure if it is helpful but thought to share. I have WAF enabled for my distribution and when I look at the 'Requests processed by AWS WAF for this distribution' I can see all the requests as 'allowed request'.

answered 4 months ago
  • I think you're trying to run a web-enabled S3 bucket behind CloudFront, which will not work unless you set up CF like that. Did you see my latest comments? Try your CloudFront URL with index.html, i.e. www.example.com/index.html
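
The points raised in this thread (alternate domain names, default root object, website endpoint versus REST endpoint origin, and the OAC bucket policy) can be checked offline with a short script; this is an added example, not code from any poster or from AWS. It assumes a dict in the shape of the `DistributionConfig` returned by boto3's `get_distribution_config`; the `diagnose` helper, the finding names and the sample IDs are hypothetical.

```python
import re

WEBSITE_ENDPOINT = re.compile(r"\.s3-website[.-][a-z0-9-]+\.amazonaws\.com$")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def policy_allows_oac(policy, bucket, dist_arn):
    """True if a statement lets this distribution read the bucket's objects via OAC."""
    for stmt in _as_list(policy.get("Statement", [])):
        principal = stmt.get("Principal")
        service = principal.get("Service") if isinstance(principal, dict) else None
        cond = stmt.get("Condition", {}).get("StringEquals", {})
        source = {k.lower(): v for k, v in cond.items()}.get("aws:sourcearn")
        if (stmt.get("Effect") == "Allow"
                and "cloudfront.amazonaws.com" in _as_list(service)
                and "s3:GetObject" in _as_list(stmt.get("Action"))
                and f"arn:aws:s3:::{bucket}/*" in _as_list(stmt.get("Resource"))
                and dist_arn in _as_list(source)):
            return True
    return False

def diagnose(config, dist_arn, bucket, policy, hostnames):
    """Return findings for a DistributionConfig dict (get_distribution_config shape)."""
    aliases = config.get("Aliases", {}).get("Items") or []
    findings = [f"alias-missing:{h}" for h in hostnames if h not in aliases]
    if not config.get("DefaultRootObject"):
        findings.append("no-default-root-object")  # "/" is not mapped to index.html
    for origin in config["Origins"]["Items"]:
        if WEBSITE_ENDPOINT.search(origin["DomainName"]):  # custom origin: no OAC
            findings.append(f"website-endpoint-origin:{origin['Id']}")
        elif not origin.get("OriginAccessControlId"):
            findings.append(f"no-oac:{origin['Id']}")
        elif not policy_allows_oac(policy, bucket, dist_arn):
            findings.append(f"policy-does-not-allow-oac:{origin['Id']}")
    return findings

# Constructed sample data; the account and distribution IDs are placeholders.
DIST_ARN = "arn:aws:cloudfront::111122223333:distribution/EDFDVBD6EXAMPLE"
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": {
    "Effect": "Allow", "Principal": {"Service": "cloudfront.amazonaws.com"},
    "Action": "s3:GetObject", "Resource": "arn:aws:s3:::www.example.com/*",
    "Condition": {"StringEquals": {"AWS:SourceArn": DIST_ARN}}}}
SAMPLE_CONFIG = {"Aliases": {"Quantity": 1, "Items": ["www.example.com"]},
    "DefaultRootObject": "", "Origins": {"Quantity": 1, "Items": [{
        "Id": "www-origin", "OriginAccessControlId": "E2EXAMPLEOAC",
        "DomainName": "www.example.com.s3-website-us-east-1.amazonaws.com"}]}}

if __name__ == "__main__":
    print(diagnose(SAMPLE_CONFIG, DIST_ARN, "www.example.com", SAMPLE_POLICY, ["www.example.com"]))
```

An empty list means none of the four conditions was found. The policy check matches only the exact `s3:GetObject` action and `/*` resource form shown in the bucket policy above, not wildcards.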
