By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

Reload path issue: CloudFront serving frontend via S3 with OAC

0

Hi there, Appreciate any help on this,

Problem statement: Reloading a frontend page results in access denied from the CDN distribution unless I manually add /index.html

Setup

  1. CloudFront distribution with root object set to /index.html
  2. OAC set to a S3 bucket that contains the assets from a next JS build (enabled for static hosting)
  3. S3 bucket is not enabled for static hosting as CDN OAC only supports HTTPS endpoints from S3

Simulation

  1. I navigate to the distribution URL https://<distribution-id>.cloudfront.net
  2. Application is served as expected, I can navigate across pages
  3. The browser shows the URL as https://<distribution-id>.cloudfront.net/some-page/
  4. When I reload the same URL gives out an access denied error
  5. When I append /index.html to the URL manually it starts working

Has anyone faced this before or knows of a permanent fix that can help with this please?

Thanks, Srijan

Topics
StorageComputeNetworking & Content Delivery
Tags
Amazon Simple Storage ServiceWebsite ProvisioningAmazon CloudFront
Language
English
Srijan
asked a month ago57 views
1 Answer
1

This is a common issue when serving single-page applications (SPAs) like Next.js builds through CloudFront and S3. The problem occurs because CloudFront is looking for an exact match of the requested path in S3, which doesn't exist for routes like '/some-page/'.

To resolve this, you can implement a CloudFront function or Lambda@Edge to rewrite the URL requests. This function would add 'index.html' to the end of URLs that don't have a file extension, allowing CloudFront to serve the correct content for all routes.

Here's a step-by-step solution:

  1. Create a CloudFront function that checks if the request is for a file (has an extension) or a directory (ends with '/'). If it's neither, append '/index.html' to the request.

  2. Attach this function to the CloudFront distribution's origin request event.

  3. Ensure your S3 bucket policy allows CloudFront to access objects using the OAC (Origin Access Control).

  4. Double-check that your CloudFront distribution's default root object is set to 'index.html'.

  5. Verify that your Next.js build is correctly generating the necessary files in your S3 bucket.

By implementing this solution, you should be able to reload any page of your application without encountering access denied errors, and without needing to manually add '/index.html' to the URL.

Remember, when using OAC with CloudFront, you're correct in not enabling static website hosting on the S3 bucket. The function will handle the URL rewriting that the static website hosting would typically manage.

This approach provides a clean URL structure for your website while maintaining the underlying file organization in your S3 bucket and leveraging the security benefits of OAC.
Sources
S3/Cloudfront & OAC: Access denied when accessing path other than index site | AWS re:Post
How to redirect URL paths in CloudFront with S3 Bucket? | AWS re:Post
Access Denied for CloudFront to S3 static site | AWS re:Post

profile picture
re:Post Agent
answered a month ago
profile picture
EXPERT
Oleksii Bebych
reviewed a month ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content