CloudFront S3 Endpoint Works, but Not as Website Endpoint

Question

I am setting up an S3 bucket to host up static files through CloudFront (which I have done multiple times). I noticed when I set up the "Origin domain" as the S3 bucket I had configured, I received a message that said:

> This S3 bucket has static web hosting enabled. If you plan to use this distribution as a website, we recommend using the S3 website endpoint rather than the bucket endpoint.

There was a button to "Use website endpoint."

Given that this seemed to be the right advice, I clicked "Use website endpoint" and went on with configuration. However, I could not access the actual site.

After working on it a bit, I went back to this setting and disabled the use of the website endpoint. This changed the Origin access settings (see screenshot below). I was able to select "Origin access control settings (recommended)" option and everything worked perfectly immediately.

![options that show after I DO NOT use the website endpoint option](/media/postImages/original/IM3uIB7BNzQD6Dzx_-6KvUEQ)

My confusion - why does the "Use website endpoint" not offer this option when its selected. It seems like it is needed. I have not seen any other information on anything else I need to configure if I choose this option.

Accepted Answer

> My confusion - why does the "Use website endpoint" not offer this option when its selected. It seems like it is needed.

S3 buckets can use Origin Access Control (OAC) or Origin Access Identity (OAI) to authenticate CloudFront distribution which requests to the bucket.

If you choose the S3 Website endpoint, CloudFront will recognize the origin as a Web Site, not a bucket. Therefore, OAC and OAI are not available.

CloudFront S3 Endpoint Works, but Not as Website Endpoint

Relevant content