使用 AWS re:Post 即表示您同意 AWS re:Post 使用條款
AWS re:Postre:Post

s3 static website not returning custom error.html

0

I've set up a React+Cloudfront+S3 SPA. Cloudfront has an OAC and the S3 bucket policy only allows CF to access the contents of the bucket. All public access is blocked. The bucket is configured for static website enabled. There is an index.html and error.html configured and those resources exist in the bucket with those names.

Bucket Policy

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowCloudFrontServicePrincipalReadOnly",
            "Effect": "Allow",
            "Principal": {
                "Service": "cloudfront.amazonaws.com"
            },
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::cik-front-end/*",
            "Condition": {
                "StringEquals": {
                    "AWS:SourceArn": "arn:aws:cloudfront::339712767340:distribution/EQDQLH88I63IN"
                }
            }
        }
    ]
}

Problem

All of this works. I can visit my CF url and see the react application. However, if I attempt to access some non-existent resource in the bucket (for example https://xyz.cloudfront.net/foo, I get the following error:


<Error>
  <Code>AccessDenied</Code>
  <Message>Access Denied</Message>
  <RequestId>VZEPZ2TPB5HX0W2V</RequestId>
  <HostId>2MmWdKGa13rUK0YTsQ+5GJPJnEgzJNvuLV+qL0Soc/taJpMaV4yd2+gVdvfIa5cjVtiZwNgUXDg=</HostId>
</Error>

Why is this not returning my error.html, as configured for the S3 bucket?

主題
儲存空間網路與內容交付
標籤
Amazon Simple Storage ServiceAmazon CloudFront
語言
English
dboardman
已提問 1 個月前檢視次數 406 次
1 個回答
2

Hello.

Have you configured custom error responses in CloudFront?
By setting a custom error response, you can display a custom error page when the corresponding error occurs.
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/GeneratingCustomErrorResponses.html

"AccessDenied" will probably become "404 NotFound" if you allow the "s3:ListBucket" action in the S3 bucket policy.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowCloudFrontServicePrincipalReadOnly",
            "Effect": "Allow",
            "Principal": {
                "Service": "cloudfront.amazonaws.com"
            },
            "Action": ["s3:GetObject", "s3:ListBucket"],
            "Resource": ["arn:aws:s3:::cik-front-end/*", "arn:aws:s3:::cik-front-end"],
            "Condition": {
                "StringEquals": {
                    "AWS:SourceArn": "arn:aws:cloudfront::339712767340:distribution/EQDQLH88I63IN"
                }
            }
        }
    ]
}
profile picture
專家
Riku_Kobayashi
已回答 1 個月前
profile pictureAWS
專家
Didier_Durand
已審閱 1 個月前
  • dboardman
    1 個月前

    You need ListBucket access in addition to the documentation you provided on CloudFront custom errors?

  • dboardman
    1 個月前

    Looks like that doesn't quite work. The error becomes:

    <Error>
<Code>NoSuchKey</Code>
<Message>The specified key does not exist.</Message>
<Key>foo</Key>
<RequestId>PPDBMSCG5KP4EGF2</RequestId>
<HostId>
IUQVZ3dCYwqDSeKKPWTbes+QDgezcm5SAX5SItpGx2Nc8NIgBF+2LsA9NH8NqMC4UgXeAnwaLlw=
</HostId>
</Error>
  • Osvaldo Marte 專家
    1 個月前

    Have you set a custom error response? Because if you didn't you will continue getting that default error.

  • dboardman
    1 個月前

    @osvaldo yes. I have:

    1. changed the bucket policy to reflect this answer's suggestion
    2. updated the cloudfront custom error policy for 404 and 403
    3. used my /error.html file and the custom response

    None of these actually show that html document. It simply changed the error to the NoSuchKey (posted above).

    EDIT: I tried again a few moments later and it works. I guess it was cached.

  • Osvaldo Marte 專家
    1 個月前

    can you confirm that the error.html file is located at the root of your S3 bucket? You need to specify the correct path to the error.html file relative to the root of the S3 bucket.

您尚未登入。 登入 去張貼答案。

一個好的回答可以清楚地回答問題並提供建設性的意見回饋,同時有助於提問者的專業成長。

回答問題指南

相關內容