Questions tagged with Amazon Simple Storage Service

Get AccessDenied from all sub-paths using Cloudfront with S3 Origin and Access Control

First of all I have several static sites set up like this and only one is having problems, so I've been trying to compare what differs but I cannot find anything. But let's focus on the one that isn't working, blog.mastodon.se. Any sub-path like /om gets an AccessDenied error. There is a file called /om/index.html that is supposed to be loaded. Another static site I have called sydit.se has the same setup and works fine, if you for example go to sydit.se/about.

The blog.mastodon.se CloudFront distro is set up with mostly defaults, only added a Certificate from ACM, index.html as default root object, use only North American and European price class. Under origins I've chosen the S3 endpoint that is listed by default (blog.mastodon.se.s3.eu-north-1.amazonaws.com), Origin access control, and I've installed this bucket policy in the bucket.

```
{
  "Version": "2008-10-17",
  "Id": "PolicyForCloudFrontPrivateContent",
  "Statement": [
    {
      "Sid": "AllowCloudFrontServicePrincipal",
      "Effect": "Allow",
      "Principal": {
        "Service": "cloudfront.amazonaws.com"
      },
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::blog.mastodon.se/*",
      "Condition": {
        "StringEquals": {
          "AWS:SourceArn": "arn:aws:cloudfront::redact:distribution/redact"
        }
      }
    }
  ]
}
```

The bucket itself is also default, no static site hosting enabled, no public access, just this policy.
2 answers, 0 votes, 11 views
stemid asked 14 hours ago

How to get access to s3 for .NET SDK with the same credentials used for awscli?

I am on a federated account that only allows for 60 minutes access tokens. This makes using AWS difficult since I have to constantly relog in with MFA, even for the AWS CLI on my machine. I'm fairly certain that any programmatic secret access key and token I generate would be useless after an hour.

I am writing a .NET program (.NET Framework 4.8) that will run on an EC2 instance to read and write from an S3 bucket. As per the documentation example, they give this example to initialize the AmazonS3Client:

```
// Before running this app:
// - Credentials must be specified in an AWS profile. If you use a profile other than
//   the [default] profile, also set the AWS_PROFILE environment variable.
// - An AWS Region must be specified either in the [default] profile
//   or by setting the AWS_REGION environment variable.
var s3client = new AmazonS3Client();
```

I've looked into SecretManager and ParameterStore, but that would matter if the programmatic access keys go inactive after an hour. Perhaps there is another way to give the program access to S3 and the SDK...

If I cannot use access keys and tokens stored in a file, could I use the IAM access that awscli uses? For example, I can type into PowerShell `aws s3 ls s3://mybucket` to list and read files from S3 to the EC2 instance. Could the .NET SDK use the same credentials to access the S3 bucket?
1 answer, 0 votes, 19 views
asked 6 days ago