By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

403 Forbidden when trying to upload through CloudFont to S3 Bucket Min TLS 1.2 Enforced

0

Hi, We have an app that uses TLS1.0 to communicate with an S3 bucket. We are trying to implement a CloudFront distribution as per https://repost.aws/knowledge-center/s3-access-old-tls to handle the requests once TLS1.2 is enforced. When we test through Postman and by enforcing Min TLS1.2 on the bucket we receive:

"$id": "1",

"Message": "An error has occurred.",

"ExceptionMessage": "Access Denied",

"ExceptionType": "Amazon.S3.AmazonS3Exception",

--- Stack Trace Removed due to size ----

"InnerException": {

    "$id": "2",

    "Message": "An error has occurred.",

    "ExceptionMessage": "The remote server returned an error: (403) Forbidden.",

With a Min TLS 1.2 enabled on the bucket we are able to retrieve files from the bucket through the CloudFront domain name.

Any help with this would be greatly appreciated.

Thank you.

Topics
Networking & Content DeliveryInternet of Things (IoT)
Tags
Amazon CloudFrontTransport Layer Security (TLS)
Language
English
ABIS-AW
asked 10 months ago456 views
1 Answer
0

When you receive a "403 Forbidden" error message when trying to upload files through CloudFront to an S3 bucket with minimum TLS 1.2 enforcement, it usually indicates that there is an issue with the permissions or configurations in your setup.

Verify CloudFront Configuration: Ensure that you have correctly configured your CloudFront distribution to use the correct origin (the S3 bucket). Double-check the CloudFront settings, including the origin domain name, origin path, and any cache behaviors or restrictions that might be in place.

Review S3 Bucket Policies and Permissions: Make sure that the IAM user or role associated with your CloudFront distribution has the necessary permissions to access and upload files to the S3 bucket. Check the bucket policies and access control lists (ACLs) to ensure they allow the appropriate actions (e.g., PutObject) for the IAM entity associated with CloudFront.

Verify TLS 1.2 Enforced: Confirm that TLS 1.2 is indeed enforced on the S3 bucket. You can check this by reviewing the bucket settings or contacting AWS support for assistance.

Check CloudFront and S3 Logs: Examine the CloudFront access logs and S3 server access logs to gather more information about the specific request that resulted in the "403 Forbidden" error. Look for any relevant error codes or additional details that might shed light on the issue.

Confirm Security Group and Network Configuration: Ensure that your security group settings and network configurations allow the necessary traffic between CloudFront and the S3 bucket. Verify that there are no restrictions or firewall rules blocking the communication.

profile picture
EXPERT
Sedat Salman
answered 10 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content