By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

OAC not working as Expected

0

My OAC for the bucket.

{ "Version": "2012-10-17", "Statement": [ { "Sid": "AllowCloudFrontServicePrincipalReadOnly", "Effect": "Allow", "Principal": { "Service": "cloudfront.amazonaws.com" }, "Action": "s3:GetObject", "Resource": "arn:aws:s3:::<bucket name>/*", "Condition": { "StringEquals": { "AWS:SourceArn": "arn:aws:cloudfront::<account>:distribution/<distribution>" } } } ] }

Topics
Storage
Tags
Amazon Simple Storage Service
Language
English
cj
asked 5 months ago167 views
2 Answers
0
Accepted Answer

Hello.

Your S3 bucket policy appears to be correct based on the bucket policy described in this document.
Have you configured all OAC settings using the configuration steps provided in the document below?
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html

profile picture
EXPERT
Riku_Kobayashi
answered 5 months ago
profile picture
EXPERT
Gary Mclean
reviewed a month ago
0

I've stepped away for a couple of months and needed a reminder, my retention curve is a little steeper than I would like. Thanks. I was using a website endpoint, so splitting the data and website and configuring two CloudFronts was an easy fix.

cj
answered 5 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content