Localhost webserver plays videos, Staging and Live webservers getting a 403 Error ?

0

Some background:

1.) I have a bucket that contains videos on Amazon S3, being served thru Cloudfront.

2.) I have 3 webservers (localhost, staging.server.com, domain.com).

3.) I have not touched the ACLs for my S3 bucket in 5 years.

4.) According to the IAM Analyzer, the aforementioned bucket has READ access.

5.) Just in case there's any confusion, my buckets on S3 are NOT public access, nor have they ever been.

6.) I am NOT hosting my websites via Amazon.

7.) These are S3 buckets with ACL lists that are all of a sudden generating 403 errors.

8.) These videos USED to play just fine on the staging and live servers, and now they don't.

Ok, now to my question >

Why can my localhost webserver play videos from my dev website, HOWEVER, the EXTERNAL (Staging AND Live) webservers are getting a 403 error FOR THE EXACT, SAME RESOURCES ?

Localhost > Plays Video-A just fine. Staging > 403 error for Video-A. Live > 403 error for Video-A.

Mind you, again, I have NOT touched the ACL in 5 years!

So why is the localhost able to play the videos, and the live and staging servers are not ????!


2 Answers
0
Accepted Answer

Based on the information provided, there are several potential reasons why your localhost can play the videos while the external servers (staging and live) are receiving 403 errors:

  1. CloudFront Distribution Configuration: The issue might be related to your CloudFront distribution settings. If you're using Origin Access Identity (OAI) or Origin Access Control (OAC) with your CloudFront distribution, it's possible that these are not correctly configured for external access. OAI/OAC is used to restrict access to your S3 bucket, allowing only CloudFront to access it. If this is not set up correctly, it could result in 403 errors for external requests.

  2. CORS (Cross-Origin Resource Sharing) Configuration: If your S3 bucket's CORS configuration is not set up to allow requests from your external domains (staging.server.com and domain.com), this could cause 403 errors. Your localhost might work because it's not subject to the same origin policy that browsers enforce for cross-origin requests.

  3. Bucket Policy: Even though you haven't touched the ACLs in 5 years, it's worth checking your bucket policy. There might be a condition in the policy that's allowing access from your local IP or network but restricting access from other sources.

  4. CloudFront Geographic Restrictions: If you have geographic restrictions enabled in your CloudFront distribution, this could potentially cause 403 errors for requests coming from certain locations.

  5. Signed URLs or Cookies: If your CloudFront distribution is set up to use signed URLs or signed cookies for access control, and these are not being correctly generated or validated for your external servers, this could result in 403 errors.

  6. Recent AWS Changes: AWS occasionally updates its services, which might affect existing configurations. Even if you haven't changed anything, a recent update could have impacted your setup.

To resolve this issue, you should:

  1. Review your CloudFront distribution settings, particularly the OAI/OAC configuration.
  2. Check your S3 bucket's CORS configuration and ensure it allows your external domains.
  3. Review your bucket policy for any conditions that might be restricting access.
  4. Check for any geographic restrictions in your CloudFront distribution.
  5. If you're using signed URLs or cookies, ensure they're being correctly generated and used.

If none of these solve the problem, you may need to contact AWS support for further assistance, as there might be an issue specific to your account or setup that isn't immediately apparent.
Sources
HTTP 403 status code (Permission Denied) - Amazon CloudFront
Security - Live Streaming on AWS with Amazon S3
Troubleshoot 403 Access Denied error in Amazon S3 | AWS re:Post

answered a year ago
EXPERT
reviewed a year ago
  • Thanks for that answer.

    In regards to:

    #1. I've reviewed the OAI/OAC configuration, and there's nothing there at all that has changed since I set this up ages ago.

    #2. I've never had a CORS config, and it's worked just fine for the 10 years that I was running S3.

    #3. Reviewed, there's nothing there.

    #4. No geographic restrictions.

    #5. Nope. None of that.

  • Could you contact the AWS support team by opening a ticket for further checks if you are still seeing this error?

0

Try using the developer tools in your web browser to get more data about the error.

AWS
answered a year ago
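
Both answers come down to finding out which layer refused the request. The sketch below is an added example, not code from either answer or from AWS: it takes the response headers and body copied from the browser's Network tab and reports whether S3 or CloudFront wrote the 403, then lists which request headers differ between the working (localhost) and failing (staging) requests. The header values and error-body strings it matches are assumed typical response shapes, the function names are hypothetical, and all sample data is constructed.

```python
import re

def classify_403(headers, body):
    """Say which layer produced a 403, given response headers and body text."""
    h = {k.lower(): v for k, v in headers.items()}
    server = h.get("server", "").lower()
    via_cf = "cloudfront" in h.get("via", "").lower() or "x-amz-cf-id" in h
    m = re.search(r"<Code>([^<]+)</Code>", body)
    code = m.group(1) if m else None
    if server == "amazons3":
        # S3 wrote the error; the Via / X-Amz-Cf-Id headers tell us who asked.
        if via_cf:
            return ("s3-origin", "review OAI/OAC and the bucket policy")
        return ("s3-direct", "URL points at the bucket, not the distribution")
    if server == "cloudfront" or via_cf:
        # CloudFront refused at the edge (assumed body strings, see lead-in).
        if code == "MissingKey":
            return ("cloudfront", "signed URL or cookie expected but not sent")
        if "block access from your country" in body:
            return ("cloudfront", "geographic restriction")
        return ("cloudfront", "review distribution settings")
    return ("unknown", "403 came from something other than CloudFront or S3")

def differing_request_headers(working, failing):
    """Names of request headers that differ between a working and a failing request."""
    a = {k.lower(): v for k, v in working.items()}
    b = {k.lower(): v for k, v in failing.items()}
    return sorted(k for k in a.keys() | b.keys() if a.get(k) != b.get(k))

# Constructed samples (not captured from the poster's account).
S3_VIA_CF = ({"Server": "AmazonS3", "Via": "1.1 example.cloudfront.net (CloudFront)",
              "X-Cache": "Error from cloudfront"},
             "<Error><Code>AccessDenied</Code><Message>Access Denied</Message></Error>")
S3_DIRECT = ({"Server": "AmazonS3", "x-amz-request-id": "EXAMPLE"},
             "<Error><Code>AccessDenied</Code><Message>Access Denied</Message></Error>")
CF_SIGNED = ({"Server": "CloudFront", "X-Amz-Cf-Id": "EXAMPLE"},
             "<Error><Code>MissingKey</Code><Message>Missing Key-Pair-Id query "
             "parameter or cookie value</Message></Error>")

if __name__ == "__main__":
    for name, (hdrs, body) in [("s3 via cf", S3_VIA_CF), ("s3 direct", S3_DIRECT),
                               ("cf signed", CF_SIGNED)]:
        print(name, "->", classify_403(hdrs, body))
    print(differing_request_headers(
        {"Host": "example.cloudfront.net", "Referer": "http://localhost/"},
        {"Host": "example.cloudfront.net", "Referer": "https://staging.server.com/"}))
```
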
