CloudFront returns the error "InvalidToken - The provided token is malformed or otherwise invalid" when accessing S3 hosted files in new region ap-southeast-4 (Melbourne)

I have been trying to set up a website of static web pages with SSL termination provided by CloudFront.

I set up the origin s3 bucket in the new ap-southeast-4 (Melbourne).

After all the setup when I try to access the web pages via the CloudFront distribution I get the error message:

<Error>
<Code>InvalidToken</Code>
<Message>The provided token is malformed or otherwise invalid.</Message>
<Token-0>****</Token-0>
<RequestId>****</RequestId>
<HostId>****</HostId>
</Error>

Going back to first principles, I seem to have isolated the problem to the region ap-southeast-4.

Currently, in production, we have existing CloudFront distributions that host files out of ap-southeast-2 (Sydney). This is odd, so I created 2 test CloudFront distributions with the simplest stack possible. One distribution points to a test S3 bucket in ap-southeast-4 (Melb) and the other to a test bucket in ap-southeast-2 (Syd).

The distribution pointing to ap-southeast-4 always returns the InvalidToken error while the distribution pointing to ap-southeast-2 works fine.

Any help in fixing this problem would be appreciated.

  • Do both your buckets, Sydney and Melbourne hosted, have the same Bucket Policy to allow access from the distribution?

    Can you compare the infra code used to deploy the Distribution and to create the Bucket? Please look closely for any differences in bucket permissions and policy, since that must allow access from the given Distribution to the bucket, for the serving to work.

    Happy to help further if you share the code snippets.

  • Are you using OAI or OAC for CloudFront to access the S3 bucket? Does the origin domain configured in CloudFront for the S3 bucket include the region? i.e. <yourbucket>.ap-southeast-4.amazonaws.com

  • I am using OAC for CloudFront access to both s3 buckets.

    Checking the permissions on the two s3 buckets they are identical. Both have 'Block all public access' set to on. Also, I have double-checked the policy access JSON settings and confirmed that the strings match what the CloudFront OAC settings indicate they should be for each respective instance.

    As far as I can tell the two CloudFront instances are identical and everything is set up correctly. I am still getting the error for the instance that accesses the s3 bucket in ap-southeast-4.amazonaws.com.
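
The two checks the comments raise (does the origin domain include the region, and does the bucket policy allow the distribution through OAC), written as an added example that is not part of the original thread. The bucket name, account ID, distribution ID and function names are constructed for illustration; the policy shape assumed is the standard OAC bucket policy with a `cloudfront.amazonaws.com` service principal and an `AWS:SourceArn` condition.

```python
import re

# Regional virtual-hosted-style S3 endpoint: <bucket>.s3.<region>.amazonaws.com
REGIONAL = re.compile(
    r"^(?P<bucket>.+)\.s3\.(?P<region>[a-z]{2}(?:-[a-z]+)+-\d+)\.amazonaws\.com$")

def as_list(value):
    """IAM policy fields may be a single value or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]

def check_origin_domain(domain, bucket, region):
    """Findings for the S3 origin domain configured on the distribution."""
    m = REGIONAL.match(domain)
    if m is None:
        return [f"origin domain {domain} does not include a region"]
    findings = []
    if m["bucket"] != bucket:
        findings.append(f"origin domain names bucket {m['bucket']}, not {bucket}")
    if m["region"] != region:
        findings.append(f"origin domain names region {m['region']}, not {region}")
    return findings

def check_oac_policy(policy, bucket, distribution_arn):
    """Findings unless one Allow statement lets this distribution read the bucket."""
    for st in as_list(policy.get("Statement", [])):
        principal = st.get("Principal")
        services = as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
        equals = st.get("Condition", {}).get("StringEquals", {})
        # Condition keys are case-insensitive (AWS:SourceArn / aws:SourceArn).
        arns = [a for k, v in equals.items() if k.lower() == "aws:sourcearn"
                for a in as_list(v)]
        if (st.get("Effect") == "Allow"
                and "cloudfront.amazonaws.com" in services
                and "s3:GetObject" in as_list(st.get("Action", []))
                and f"arn:aws:s3:::{bucket}/*" in as_list(st.get("Resource", []))
                and distribution_arn in arns):
            return []
    return [f"no statement allows {distribution_arn} to s3:GetObject from {bucket}"]

# Constructed sample values (not taken from the question).
BUCKET, REGION = "example-melb-bucket", "ap-southeast-4"
DIST_ARN = "arn:aws:cloudfront::111122223333:distribution/EXAMPLEDISTID"
POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"Service": "cloudfront.amazonaws.com"},
    "Action": "s3:GetObject",
    "Resource": f"arn:aws:s3:::{BUCKET}/*",
    "Condition": {"StringEquals": {"AWS:SourceArn": DIST_ARN}}}]}

if __name__ == "__main__":
    for d in (f"{BUCKET}.s3.amazonaws.com", f"{BUCKET}.s3.{REGION}.amazonaws.com"):
        print(d, check_origin_domain(d, BUCKET, REGION) or "ok")
    print(check_oac_policy(POLICY, BUCKET, DIST_ARN) or "policy ok")
```

Running both checks against each test distribution's exported configuration and bucket policy shows whether the Sydney and Melbourne stacks really are identical apart from the region.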
