403 on Cloudfront distibution with multiple S3 origins


I have a cloudfront distuibution that I server static website content from an S3 bucket on. I have created another S3 bucket that I am storing images on. The S3 bucket has a nested folder structure similar to: "foos/bars/image.png". I added the image bucket as another origin to the cloudfront distribution and added the path "images/upload/" in the behaviours, however I keep getting 403s when I navigate to "https://cloudfrontdomain.com/images/upload/foos/bars/image.png". Out of frustration I tried setting the path in the behaviour to "" to see if that would work and accessing "https://cloudfrontdomain.com/foos/bars/image.png" worked and successfully returned my image. Obviously this isn't a viable soution but demonostrates my permissions must be somewhat right. Any help would be appreciated

asked 16 days ago314 views
1 Answer
Accepted Answer


CloudFront adds the requested path to access your origin.
In other words, in this case, a request is sent to S3 with the path "images/upload/image.png" attached to access S3.
Therefore, if there is no object in "images/upload/image.png" in the S3 bucket, an error will occur.
So, I think the problem can be solved by placing the image file in "images/upload/" of the S3 bucket.

If you want CloudFront to request your content from a directory in your origin, enter the directory path, beginning with a slash (/). CloudFront appends the directory path to the value of Origin domain, for example, cf-origin.example.com/production/images. Do not add a slash (/) at the end of the path.

profile picture
answered 16 days ago
profile picture
reviewed 15 days ago
  • This worked thank you! I didn't realise the same logic applied with the path in the behavoiurs as the origins

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions