Hosting HTTPS website using S3, ACM and CloudFront

0

I am trying to host a website using S3, ACM, CloudFront and Route53. I am getting access denied when trying to access it. I have done the following steps based on various AWS documentation, AWS blog posts and re:Post but nothing helped. Here are the steps:

1/ Created 2 S3 buckets - example.com and www.example.com. Root bucket is redirecting to www and www bucket has the index.html.
2/ Requested for ACM and added both the domains to it. Added the corresponding CNAMEs to hosted zone. Certificate is issued.
3/ Created 2 CloudFront distributions, one for www.example.com and one for example.com.
4/ www.example.com config - selected OAC for origin access, updated the www.example.com bucket policy, redirect HTTP to HTTPS, attached the certificate.
5/ Added A record for both the distributions in hosted zone.

Did I miss anything?

  • I have tried making the www.example.com bucket public and its object public (which is not needed in case of CloudFront) but still got the same error.
  • My S3 buckets are SSE-S3 encrypted.
  • Using Static website endpoints
  • no explicit deny bucket policy
  • Bucket and object owned by same account
3 Answers
0
Accepted Answer
  1. Have you added the Alternate Domain Names for your domain to CloudFront's configuration?
  2. Have you added access from CloudFront to the bucket policy?

After Discussion

Your public S3 bucket is not used in this configuration and can be disabled.

Update your Root object on the distro to be index.html https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/DefaultRootObject.html

To perform a redirect you would need to use a Lambda@Edge as you're using native S3 origin https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/example-function-redirect-url.html

Expert
answered 4 months ago
Expert
reviewed 4 months ago
  • If you could accept this answer under me.. thanks

  • Thank you very much Niharika

0
  1. Yes, I have added CNAME to the CloudFront distribution
  2. While creating the distribution and Origin access control settings, I copied the policy from OAC to the bucket. Here is the copy of the policy:

{
    "Version": "2012-10-17",
    "Statement": {
        "Sid": "AllowCloudFrontServicePrincipalReadOnly",
        "Effect": "Allow",
        "Principal": {
            "Service": "cloudfront.amazonaws.com"
        },
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::<S3 bucket name>/*",
        "Condition": {
            "StringEquals": {
                "AWS:SourceArn": "arn:aws:cloudfront::<AWS account ID>:distribution/<CloudFront distribution ID>"
            }
        }
    }
}

answered 4 months ago
0

One additional piece of information, not sure if it is helpful but thought to share. I have WAF enabled for my distribution and when I look at the 'Requests processed by AWS WAF for this distribution' I can see all the requests as 'allowed request'.

answered 4 months ago
  • I think you're trying to run a Web Enabled S3 bucket behind CloudFront, which will not work unless you set up CF like that. Did you see my latest comments? Try your CloudFront URL with index.html, i.e. www.example.com/index.html
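
The checks raised across this thread (alternate domain name, default root object, origin type, and the `AWS:SourceArn` in the bucket policy), as an added example that is not part of any post above. It audits a dict shaped like the `DistributionConfig` returned by `aws cloudfront get-distribution-config`; the function names, sample config, account number and IDs are constructed for illustration.

```python
import re

# S3 static website endpoints: <bucket>.s3-website-<region> or .s3-website.<region>
WEBSITE_ENDPOINT = re.compile(r"\.s3-website[.-][a-z0-9-]+\.amazonaws\.com$")

def allowed_source_arns(bucket_policy):
    """SourceArn values granted to the CloudFront service principal."""
    stmts = bucket_policy.get("Statement", [])
    stmts = stmts if isinstance(stmts, list) else [stmts]  # a single object is valid too
    arns = []
    for s in stmts:
        principal = s.get("Principal")
        if (s.get("Effect") == "Allow" and isinstance(principal, dict)
                and principal.get("Service") == "cloudfront.amazonaws.com"):
            arns.append(s.get("Condition", {}).get("StringEquals", {}).get("AWS:SourceArn"))
    return arns

def audit(dist_id, account_id, config, bucket_policy, hostname):
    """Return findings for the checks raised in the thread."""
    findings = []
    if hostname not in config.get("Aliases", {}).get("Items", []):
        findings.append("alias: hostname is not an alternate domain name")
    if not config.get("DefaultRootObject"):
        findings.append("root: DefaultRootObject is empty")
    for origin in config.get("Origins", {}).get("Items", []):
        if WEBSITE_ENDPOINT.search(origin["DomainName"]):
            # Website endpoints are reached as custom origins, so OAC is not used
            findings.append("origin: S3 website endpoint, OAC does not apply to it")
    expected = f"arn:aws:cloudfront::{account_id}:distribution/{dist_id}"
    if expected not in allowed_source_arns(bucket_policy):
        findings.append("policy: no Allow for this distribution's ARN")
    return findings

# Constructed sample input; IDs and account number are placeholders.
SAMPLE_CONFIG = {
    "Aliases": {"Quantity": 1, "Items": ["www.example.com"]},
    "DefaultRootObject": "",
    "Origins": {"Quantity": 1, "Items": [{
        "Id": "www-origin",
        "DomainName": "www.example.com.s3-website-us-east-1.amazonaws.com"}]},
}
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": {
    "Effect": "Allow", "Principal": {"Service": "cloudfront.amazonaws.com"},
    "Action": "s3:GetObject", "Resource": "arn:aws:s3:::www.example.com/*",
    "Condition": {"StringEquals": {
        "AWS:SourceArn": "arn:aws:cloudfront::111122223333:distribution/EDFDVBD6EXAMPLE"}}}}

if __name__ == "__main__":
    for f in audit("EDFDVBD6EXAMPLE", "111122223333", SAMPLE_CONFIG, SAMPLE_POLICY, "www.example.com"):
        print(f)
```
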
