Is it correct that the original domain doesn't use OAI on the cloud front?

I connected s3 and cloudfront using oai.

So, since I connected using oai, I couldn't access the s3 domain using the original domain.

In my opinion, the distribution domain is accessed using oai and the original domain, and the original domain seems to be a rest api to access the s3 domain.

I wonder if my thinking is correct.

Topics

Storage Networking & Content Delivery

Tags

Amazon Simple Storage Service Amazon CloudFront

Language

English

joker

asked 2 years ago211 views

1 Answer

Newest
Most votes
Most comments

Are these answers helpful? Upvote the correct answer to help the community benefit from your knowledge.

Accepted Answer

The bucket policy determines the access to your bucket. By setting it up for OAI access you're effectively denying any other web-based access to the bucket. You can (if you like) add an Allow statement but that kind of defeats the purpose of using OAI which is to restrict access to the bucket only to CloudFront.

EXPERT

Brettski-AWS

answered 2 years ago

joker
2 years ago
I know the oai settings on s3. In cloudfront, the distribution domain uses oai and the origin domain, The original domain is only the rest api of s3, so I want to check if it is normal to not be able to connect if oai is set.
Brettski-AWS EXPERT
2 years ago
By default, if you have an "Allow" in your bucket policy for the OAI access and nothing else then there is an implicit deny in place. It will be completely normal for all other access to the bucket to be denied. More information in this blog post.

Relevant content

Why doesn't react's BrowserRouter work on cloudfront when s3 oai settings are applied?
joker
asked 2 years ago
OAI or not OAI for serving a static website in S3 using CloudFront
bbaronas
asked 2 years ago
Adding OAI to CloudFront after the distribution is created
sharpedgewv
asked 2 years ago
CloudFront: How to use Lambda@Edge to change the S3 origin region with Origin Access Control enabled
oldflower
asked a year ago
I’m using an S3 website endpoint as the origin of my CloudFront distribution. Why am I getting 403 Access Denied errors?
AWS OFFICIALUpdated a year ago
How do I use my CloudFront distribution to restrict access to an Amazon S3 bucket?
AWS OFFICIALUpdated 2 months ago
I’m using an S3 REST API endpoint as the origin of my CloudFront distribution. Why am I getting 403 Access Denied errors?
AWS OFFICIALUpdated a year ago
How do I use CloudFront to serve a static website that’s hosted on Amazon S3?
AWS OFFICIALUpdated 8 months ago
Securing Workloads on VMware Cloud on AWS Using Native AWS Services
EXPERT
lmessier
published 10 days ago
The Advantages of Using VMware Cloud on AWS for Your Business
EXPERT
Sedat Salman
published 10 months ago