1 Answer
1
Hey all, I fixed it. Since this had me pulling my hair out, here was my solution:
- On the CloudFront distribution, edit the Behavior for the S3 CloudFront bucket.
- Find Cache key and origin requests and edit this so Headers includes the Origin, and set Query strings to All.
Finally, this is an important step. On the S3 bucket, you must give access to the CloudFront distribution to get version tagging. I haven't narrowed down exactly which action solved it for me, but here's what worked:
```json
{
    "Version": "2008-10-17",
    "Id": "PolicyForCloudFrontPrivateContent",
    "Statement": [
        {
            "Sid": "AllowCloudFrontServicePrincipal",
            "Effect": "Allow",
            "Principal": {
                "Service": "cloudfront.amazonaws.com"
            },
            "Action": [
                "s3:GetObject",
                "s3:GetObjectVersionTagging",
                "s3:GetObjectVersion"
            ],
            "Resource": "arn:aws:s3:::.... my bucket",
            "Condition": {
                "StringEquals": {
                    "AWS:SourceArn": "arn:aws:cloudfront::..... my distribution"
                }
            }
        },
        {
            "Sid": "Statement1",
            "Effect": "Allow",
            "Principal": {
                "Service": "cloudfront.amazonaws.com"
            },
            "Action": [
                "s3:ListBucket",
                "s3:ListBucketVersions"
            ],
            "Resource": "arn:aws:s3:::.... my bucket",
            "Condition": {
                "StringEquals": {
                    "AWS:SourceArn": "arn:aws:cloudfront::..... my distribution"
                }
            }
        }
    ]
}
```
answered 16 days ago
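An added example, not part of the answer above: a small Python check for bucket policies of this shape. It reports CloudFront service-principal statements that lack an `AWS:SourceArn` condition, and object-level or bucket-level actions whose `Resource` is the wrong ARN type. The function name, bucket name, account id and distribution id are hypothetical placeholders.

```python
# Actions from the policy above, grouped by the resource type S3 evaluates them against.
OBJECT_ACTIONS = {"s3:GetObject", "s3:GetObjectVersion", "s3:GetObjectVersionTagging"}
BUCKET_ACTIONS = {"s3:ListBucket", "s3:ListBucketVersions"}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _tail(arn):
    return arn.split(":", 5)[-1]  # "bucket" or "bucket/key" part of an S3 ARN

def lint_cloudfront_statements(policy):
    """Return sorted (Sid, finding) pairs for Allow statements granted to CloudFront."""
    findings = set()
    for st in _as_list(policy.get("Statement", [])):
        principal = st.get("Principal")
        services = _as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
        if st.get("Effect") != "Allow" or "cloudfront.amazonaws.com" not in services:
            continue
        sid = st.get("Sid", "<no Sid>")
        # Condition key names are case-insensitive; collect them across all operators.
        cond_keys = {k.lower() for block in st.get("Condition", {}).values() for k in block}
        if "aws:sourcearn" not in cond_keys:
            findings.add((sid, "no AWS:SourceArn condition: not scoped to one distribution"))
        tails = [_tail(r) for r in _as_list(st.get("Resource", []))]
        for action in _as_list(st.get("Action", [])):
            if action in OBJECT_ACTIONS and not any("/" in t or "*" in t for t in tails):
                findings.add((sid, f"{action} needs an object ARN (bucket/*)"))
            if action in BUCKET_ACTIONS and not any("/" not in t for t in tails):
                findings.add((sid, f"{action} needs the bucket ARN (no /key part)"))
    return sorted(findings)

# Constructed sample policies; bucket name, account id and distribution id are placeholders.
DIST = "arn:aws:cloudfront::111122223333:distribution/EXAMPLEID"
COND = {"StringEquals": {"AWS:SourceArn": DIST}}
CF = {"Service": "cloudfront.amazonaws.com"}
WEAK = {"Statement": [
    {"Sid": "Read", "Effect": "Allow", "Principal": CF,
     "Action": ["s3:GetObject", "s3:GetObjectVersion"], "Resource": "arn:aws:s3:::example-bucket"},
    {"Sid": "List", "Effect": "Allow", "Principal": CF, "Action": "s3:ListBucket",
     "Resource": "arn:aws:s3:::example-bucket/*", "Condition": COND}]}
SCOPED = {"Statement": [
    {"Sid": "Read", "Effect": "Allow", "Principal": CF, "Condition": COND,
     "Action": sorted(OBJECT_ACTIONS), "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Sid": "List", "Effect": "Allow", "Principal": CF, "Condition": COND,
     "Action": sorted(BUCKET_ACTIONS), "Resource": "arn:aws:s3:::example-bucket"}]}

if __name__ == "__main__":
    for name, pol in (("WEAK", WEAK), ("SCOPED", SCOPED)):
        print(name, lint_cloudfront_statements(pol))
```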