How to Solve: 403 Forbidden Error in Cloudfront (API Gateway)?

Question

How do I resolve the 403 ''forbidden'' error in my Cloudfront distribution?

I use Cloudfront with my own (verified) domain name and a REST API (API Gateway) as the origin. I've configured all I could imagine such bucket policies, resource policy, CORS etc. But while the URL is accessible (no DNS issues), I keep getting the 403 error and it doesn't show my frontend that's in S3. I have validated that my Lambda and API work as expected in the console. What is the best way to resolving this error? It seems to be at multiple levels.

P.S. I've read and tried as many solutions mentioned in AWS documentation but it doesn't seem to work for me.

Answer

Hi M-SaaS,

This Explanation finds you well about Your Issue.

**Create a CloudFront Distribution:**

•	Go to the CloudFront service.

•	Click "Create distribution".

•	Choose "Web".

•	**Under "Origin settings", provide details:**

1.Origin Domain Name: Enter the website endpoint of your S3 bucket.

2. Origin Path: Leave blank (optional).
       
	3. Restriction Policy: Choose "No restrictions".
	
•	**Under "Behaviors", create a behavior with these settings:**

1. Behavior Name: Enter a descriptive name (e.g., "Default").

2. Path Pattern: Enter "/" (to cover all paths).
	
	3. Origin Settings: Refer to the configuration above.
	
	4. Viewer Protocol Policy: Choose "Redirect HTTP to HTTPS".
	
•	**Under "Distribution settings", configure SSL/TLS:**

1. Certificate: Choose the ACM certificate you created.
	
	2. Minimum Protocol Version: Select TLS 1.2 or higher.
	
	3. Security policy: Choose "AWS-managed security policy".
	
•	Click "Create distribution".

**Note**

=> Check and give properly Viewer Protocol Policy: Choose "Redirect HTTP to HTTPS".

=> Give the “Alternate domain name” to access your website.

**Troubleshoot 403 errors in CloudFront:** https://repost.aws/knowledge-center/cloudfront-troubleshoot-403-errors

How to Solve: 403 Forbidden Error in Cloudfront (API Gateway)?

Relevant content