Help us improve the AWS re:Post Knowledge Center by sharing your feedback in a brief survey. Your input can influence how we create and update our content to better support your AWS journey.
API Gateway Origin of Cloudfront Behavior giving 403 forbidden
For hosting a webiste I am using a cloudfront distribution under someurl.com. It has a behavior that forwards requests arriving under path path to an API Gateway apigatewayurl.com what hosts an API the website should make use of.
I can reach the API Gateway but problem starts when I do add authorization: I get 403 forbidden.
Authorization should work through a custom authorizer using cookie which is set under the domain someurl.com. The authorizer works fine, I tested that one using the regional API endpoint.
When only adding the authorization my request is blocked at the API Gateway what makes sense as Cloudfront does not forward cookies. I get 403 - unauthorized and I can see in the API Gateway logs that the request makes it to API Gateway.
To forward cookies I added 'ViewerAll' origin policy to the behavior but then API Gateway is not even reaching API Gateway, I do not get any log. My call returns 403 - forbidden.
Any ideas why I get 403 once I enable origin policy in order to forward cookies?
- Language
- English
- Newest
- Most votes
- Most comments
after some more tries I found a solution. It looks like the origin request policy is not sufficient. I introduced a caching policy and removed the origin request policy what solved the issue. What is cached is forwarded.
Relevant content
- asked 2 years ago
- asked 2 years ago
