Is it correct that the original domain doesn't use OAI on the cloud front?

I connected s3 and cloudfront using oai.

So, since I connected using oai, I couldn't access the s3 domain using the original domain.

In my opinion, the distribution domain is accessed using oai and the original domain, and the original domain seems to be a rest api to access the s3 domain.

I wonder if my thinking is correct.

주제

스토리지 네트워킹 및 콘텐츠 전송

태그

아마존 심플 스토리지 서비스 아마존 CloudFront

언어

English

joker

질문됨 2년 전214회 조회

1개 답변

최신
최다 투표
가장 많은 댓글

이 답변이 도움이 되었나요?커뮤니티가 여러분의 지식을 활용할 수 있도록 정답을 찬성하세요.

수락된 답변

The bucket policy determines the access to your bucket. By setting it up for OAI access you're effectively denying any other web-based access to the bucket. You can (if you like) add an Allow statement but that kind of defeats the purpose of using OAI which is to restrict access to the bucket only to CloudFront.

전문가

Brettski-AWS

답변함 2년 전

joker
2년 전
I know the oai settings on s3. In cloudfront, the distribution domain uses oai and the origin domain, The original domain is only the rest api of s3, so I want to check if it is normal to not be able to connect if oai is set.
Brettski-AWS 전문가
2년 전
By default, if you have an "Allow" in your bucket policy for the OAI access and nothing else then there is an implicit deny in place. It will be completely normal for all other access to the bucket to be denied. More information in this blog post.

Is it correct that the original domain doesn't use OAI on the cloud front?

관련 콘텐츠