
Getting a 403 Error on Domain Despite Proper Configuration

0

I used AWS Amplify to set up a new React site. Amplify created everything: the S3 bucket, CloudFront distribution, etc. I added the CNAME in GoDaddy a couple of days ago, but I am still getting a 403 error.

I reviewed the suggestions from this link https://repost.aws/knowledge-center/cloudfront-troubleshoot-403-errors and confirmed the following:

  • OAI: Configured
  • Bucket Policy: Allows OAI access
  • CNAME: Correctly points to the CloudFront distribution
  • Viewer Protocol Policy: Set to allow-all for both HTTP and HTTPS

There are no WAF settings, geographic restrictions, or alternative domain settings involved. The setup was performed automatically by Amplify, and I haven't made any manual changes beyond the CNAME record in GoDaddy.

As a comparison, I manually set up an S3 bucket with a simple index.html file, pointed a CNAME to it, and it worked without issues. This makes me believe the problem lies with CloudFront.

If there is a necessary step missing that AWS Amplify doesn't handle automatically, I believe AWS needs to update their documentation. I am currently using HTTP (non-secure). If HTTPS and a certificate are mandatory for this setup to work, that needs to be clearly stated.

Has anyone encountered a similar issue or knows a step that might be missing?

2 Answers
-1

Hello,

  1. Ensure the Origin Domain Name is set to your S3 bucket (your-bucket-name.s3.amazonaws.com).
  2. In the CloudFront distribution settings, under the Settings section, find the Alternate Domain Names (CNAMEs) and SSL Certificate settings.
  3. If you are using HTTPS, Update the SSL/TLS certificate for a domain https://docs.aws.amazon.com/amplify/latest/userguide/to-update-certificate.html
  4. Enable CloudFront Standard logging to get more insight into the requests. The logs can help identify the exact reason for the 403 errors.

When you set up your custom domain, you can use the default managed certificate that Amplify provisions for you or you can use your own custom certificate. You can change the certificate in use for the domain at any time.

Also read https://docs.aws.amazon.com/amplify/latest/userguide/custom-domains.html

EXPERT
answered 2 years ago
  • Thank you Sivaraman, and yes I checked all those things you mentioned. Only thing I still need to do is to enable logs, if that's even possible.

    Ensure the Origin Domain Name is set to your S3 bucket (your-bucket-name.s3.amazonaws.com).

    Yes, my origin domain is set to my bucket - removed my real bucket name, but after starting with the numbers it's real - my-bucket-name-20240526171103-hostingbucket-dev.s3.us-east-1.amazonaws.com

    In the CloudFront distribution settings, under the Settings section, find the Alternate Domain Names (CNAMEs) and SSL Certificate settings.

    I don't have any alternate domain names set up - Do I need this?

    If you are using HTTPS, Update the SSL/TLS certificate for a domain https://docs.aws.amazon.com/amplify/latest/userguide/to-update-certificate.html

    I am using HTTP for now

  • In the CloudFront distribution settings, under the Settings section, find the Alternate Domain Names (CNAMEs) and SSL Certificate settings. I don't have any alternate domain names set up - Do I need this?

    If you are accessing the app based on a GoDaddy CNAME, then you are using an Alternate Domain Name. An Alternate Domain Name will be any other domain name than the CloudFront domain name provided which would look something like d111111abcdef8.cloudfront.net.
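
The point made in the comment above (a hostname reached through a GoDaddy CNAME has to be listed as an Alternate Domain Name on the distribution) can be checked offline against the `DistributionConfig` JSON returned by `aws cloudfront get-distribution-config`. The following is an added example, not part of the original thread and not AWS code; the sample config, hostnames and function names are constructed, and the wildcard match is simplified to one leading label.

```python
# Constructed sample shaped like the DistributionConfig object returned by
# `aws cloudfront get-distribution-config`; every value is a placeholder.
SAMPLE_CONFIG = {
    "Aliases": {"Quantity": 0},  # no Alternate Domain Names configured
    "Origins": {"Quantity": 1, "Items": [{
        "Id": "hosting-bucket",
        "DomainName": "example-hostingbucket-dev.s3.us-east-1.amazonaws.com",
        "S3OriginConfig": {"OriginAccessIdentity": "origin-access-identity/cloudfront/EXAMPLEID"},
    }]},
    "ViewerCertificate": {"CloudFrontDefaultCertificate": True},
}


def alias_covers(alias, hostname):
    """Exact match, or a leading '*.' standing in for one label (simplified assumption)."""
    alias, hostname = alias.lower().rstrip("."), hostname.lower().rstrip(".")
    if alias.startswith("*."):
        head, _, tail = hostname.partition(".")
        return bool(head) and tail == alias[2:]
    return alias == hostname


def audit_custom_domain(config, hostname):
    """List config findings that can explain a 403 when hostname is CNAMEd to the distribution."""
    findings = []
    aliases = config.get("Aliases", {}).get("Items") or []
    if not any(alias_covers(a, hostname) for a in aliases):
        findings.append("alias-missing: %s is not an Alternate Domain Name" % hostname)
    cert = config.get("ViewerCertificate", {})
    if not (cert.get("ACMCertificateArn") or cert.get("IAMCertificateId")):
        # CloudFront requires a certificate covering the name before it accepts an alias.
        findings.append("default-cert: only the *.cloudfront.net certificate is attached")
    for origin in config.get("Origins", {}).get("Items") or []:
        s3 = origin.get("S3OriginConfig")
        if s3 is not None and not (s3.get("OriginAccessIdentity") or origin.get("OriginAccessControlId")):
            findings.append("origin-access: S3 origin %s has neither OAI nor OAC" % origin["Id"])
    return findings


if __name__ == "__main__":
    for finding in audit_custom_domain(SAMPLE_CONFIG, "www.example.com"):
        print(finding)
```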

-1

Have you followed these specific instructions for GoDaddy? https://docs.aws.amazon.com/amplify/latest/userguide/to-add-a-custom-domain-managed-by-godaddy.html

Have you set up a default rewrite as mentioned here? https://docs.aws.amazon.com/amplify/latest/userguide/redirects.html#simple-redirects-and-rewrites

Have you checked logs in CloudWatch to see if they provide any insights on what is failing? https://docs.aws.amazon.com/amplify/latest/userguide/access-logs.html#monitoring-with-cloudwatch

AWS
EXPERT
answered 2 years ago
  • Yes, I followed the GoDaddy instructions, things are in place there. I am not sure how the Amplify rewrite thing would do anything, the app is not served from there, the app is served from CloudFront and S3. I still need to check the logs, thank you.
