Can't access CloudFront distribution + S3 bucket from custom domain

0

Hi, I've been learning Terraform, and created an S3 bucket hosting a Nuxt app and a CloudFront distribution pointing to said bucket. This setup is working perfectly when accessing the bucket via the Distrib URL, however I want to use a custom subdomain from a domain name I own (I'm using OVH for the domain). I've set up the DNS record like so: [xxxx.yyyy.fr] CNAME [Distrib URL]. I also created an ACM certificate pointing to said subdomain, had it validated using DNS entries, and added it to the distrib. I have the custom subdomain set up in the CloudFront Alternate Domain Names.

To note: I have set up both the certificate and alternate domain name as "xxxx.yyyy.fr" and not "*.xxxx.yyyy.fr", I don't know if that could be the issue.

Whenever I visit the subdomain, I'm getting a "This site can't be reached", "DNS_PROBE_FINISHED_NXDOMAIN". I've also checked the CNAME record propagation, and it seems to be configured properly.

I've set up the bucket Policy like so:

{
    "Version": "2008-10-17",
    "Id": "Policy",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::[REDACTED BUCKET NAME]/*"
        }
    ]
}

Here is the S3 CORS policy:

[
    {
        "AllowedHeaders": [
            "*"
        ],
        "AllowedMethods": [
            "POST",
            "GET",
            "HEAD",
            "DELETE",
            "PUT"
        ],
        "AllowedOrigins": [
            "*"
        ],
        "ExposeHeaders": [],
        "MaxAgeSeconds": 0
    }
]

Any ideas as to why I can use the distrib's URL but not my custom subdomain? Thanks.

Asked 2 months ago, viewed 127 times
2 answers
0

It sounds like you've set up the S3 bucket as a website (I get that from the CORS settings). You don't need to do this with CloudFront. Using Origin Access Control (OAC) you can set up S3 so that only the CloudFront distribution that you own can access it; and the S3 bucket can be set to "private" (i.e. no public access). Then (because the S3 bucket isn't set up to be a website) you don't need to configure CORS. When you configure the OAC identity it will tell you what the bucket policy needs to be.

For more information: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html

AWS
Expert
Answered 2 months ago
  • Hello and thank you for your reply! If I already have an S3 bucket configured as a static website, can I still use it and disable static hosting, or do I need to create a brand new bucket? Thanks

  • You can just disable static hosting.
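
As an added example (not code from this thread), the Python below contrasts the public `"Principal": "*"` policy shape from the question with the policy shape used with Origin Access Control, and classifies each `Allow` statement. The bucket name, account ID, distribution ID and all function names are constructed placeholders.

```python
import json

# Constructed sample shaped like the bucket policy in the question (placeholder bucket name).
PUBLIC_POLICY = json.loads("""{
  "Version": "2008-10-17",
  "Statement": [{"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
                 "Resource": "arn:aws:s3:::EXAMPLE-BUCKET/*"}]
}""")

# Constructed sample of an OAC-style policy; account and distribution IDs are placeholders.
OAC_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": {"Effect": "Allow", "Principal": {"Service": "cloudfront.amazonaws.com"},
                "Action": "s3:GetObject", "Resource": "arn:aws:s3:::EXAMPLE-BUCKET/*",
                "Condition": {"StringEquals": {"AWS:SourceArn":
                    "arn:aws:cloudfront::111122223333:distribution/EXAMPLEDISTID"}}}
}""")

def as_list(value):
    return value if isinstance(value, list) else [value]

def is_anonymous(principal):
    """Principal "*" or {"AWS": "*"} means anyone on the internet."""
    if isinstance(principal, dict):
        return "*" in as_list(principal.get("AWS", []))
    return principal == "*"

def pinned_to_distribution(stmt):
    """CloudFront service principal plus an exact AWS:SourceArn distribution ARN."""
    principal = stmt.get("Principal")
    services = as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
    if "cloudfront.amazonaws.com" not in services:
        return False
    for operator, keys in stmt.get("Condition", {}).items():
        for key, value in keys.items():
            if operator in ("StringEquals", "ArnEquals") and key.lower() == "aws:sourcearn":
                return all(":distribution/" in arn and "*" not in arn for arn in as_list(value))
    return False

def audit(policy):
    results = []  # (statement index, "public" | "cloudfront-only" | "review")
    for index, stmt in enumerate(as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        if is_anonymous(stmt.get("Principal")) and not stmt.get("Condition"):
            results.append((index, "public"))
        elif pinned_to_distribution(stmt):
            results.append((index, "cloudfront-only"))
        else:
            results.append((index, "review"))
    return results
```

A statement that names the CloudFront service principal but has no `AWS:SourceArn` condition, or uses a wildcard distribution ARN, is reported as `review` rather than `cloudfront-only`.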

0

The error message indicates a DNS problem.

You mention that you used the distribution URL for the value in the CNAME record - this should be a domain name, not a URL. Review the documentation for setting this up and testing it.

AWS
Expert
Paul_L
Answered 2 months ago
Expert
Reviewed 2 months ago
