- Newest
- Most votes
- Most comments
- Have you added the Alternative Domain names for your domain to cloudfronts configuration?
- Have you added access from cloudfront to the bucket Policy?
After Discussion
Your public S3 bucket is not used in this confiuguration and can be disabled.
Update your Root object on the distro to be index.html https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/DefaultRootObject.html
To perform a redirect you would need to use a Lambda@Edge as your using native S3 origin https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/example-function-redirect-url.html
- Yes, I have added CNAME to the cloudfront distribution
- While creating the distribution and Origin access control settings, I copied the policy from OAC to the bucket. Here is the copy of the policy:
{ "Version": "2012-10-17", "Statement": { "Sid": "AllowCloudFrontServicePrincipalReadOnly", "Effect": "Allow", "Principal": { "Service": "cloudfront.amazonaws.com" }, "Action": "s3:GetObject", "Resource": "arn:aws:s3:::<S3 bucket name>/*", "Condition": { "StringEquals": { "AWS:SourceArn": "arn:aws:cloudfront::<AWS account ID>:distribution/<CloudFront distribution ID>" } } } }
Also have you tried going to your CF distro ie www.example.com/index.html ?
www.example.com/index.html works fine. And I double checked, I am using OAC and not OAI.
Root bucket is redirecting to www and www bucket has the index.html.
That ^^ only works if your using the S3 bucket as a public website
This S3 Resource policy you have attached is for OAC.
Please review if your using OAI or OAC https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html
OK. perfect.. Set your default document on cloudfront then to be index.html https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/DefaultRootObject.html
You can disable the S3 static website as your not using this method by the sounds of it and disable any public S3 acccess
One additional information, not sure if it is helpful but thought to share. I have WAF enabled for my distribution and when I look at the 'Requests processed by AWS WAF for this distribution' I can see all the requests as 'allowed request'.
I think your trying to run an Web Enabled S3 bucket behind cloud front which will not work unless you setup CF like that Did you see my latest comments? Try your cloudfront url with index.html i.e. www.example.com/index.html
Relevant content
- Accepted Answerasked 2 years ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 8 months ago
- AWS OFFICIALUpdated a year ago
If you could accept this answer under me.. thanks
Thank you very much Niharika