403 on Cloudfront distibution with multiple S3 origins

Question

I have a cloudfront distuibution that I server static website content from an S3 bucket on. I have created another S3 bucket that I am storing images on. The S3 bucket has a nested folder structure similar to: "foos/bars/image.png". I added the image bucket as another origin to the cloudfront distribution and added the path "images/upload/*" in the behaviours, however I keep getting 403s when I navigate to "https://cloudfrontdomain.com/images/upload/foos/bars/image.png".
Out of frustration I tried setting the path in the behaviour to "*" to see if that would work and accessing "https://cloudfrontdomain.com/foos/bars/image.png" worked and successfully returned my image. Obviously this isn't a viable soution but demonostrates my permissions must be somewhat right. Any help would be appreciated

Accepted Answer

Hello.

CloudFront adds the requested path to access your origin.  
In other words, in this case, a request is sent to S3 with the path "images/upload/image.png" attached to access S3.  
Therefore, if there is no object in "images/upload/image.png" in the S3 bucket, an error will occur.  
So, I think the problem can be solved by placing the image file in "images/upload/" of the S3 bucket.  
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValuesOriginPath  
> If you want CloudFront to request your content from a directory in your origin, enter the directory path, beginning with a slash (/). CloudFront appends the directory path to the value of Origin domain, for example, cf-origin.example.com/production/images. Do not add a slash (/) at the end of the path.

403 on Cloudfront distibution with multiple S3 origins

관련 콘텐츠