403 Forbidden when trying to upload through CloudFont to S3 Bucket Min TLS 1.2 Enforced

When you receive a "403 Forbidden" error message when trying to upload files through CloudFront to an S3 bucket with minimum TLS 1.2 enforcement, it usually indicates that there is an issue with the permissions or configurations in your setup.

Verify CloudFront Configuration: Ensure that you have correctly configured your CloudFront distribution to use the correct origin (the S3 bucket). Double-check the CloudFront settings, including the origin domain name, origin path, and any cache behaviors or restrictions that might be in place.

Review S3 Bucket Policies and Permissions: Make sure that the IAM user or role associated with your CloudFront distribution has the necessary permissions to access and upload files to the S3 bucket. Check the bucket policies and access control lists (ACLs) to ensure they allow the appropriate actions (e.g., PutObject) for the IAM entity associated with CloudFront.

Verify TLS 1.2 Enforced: Confirm that TLS 1.2 is indeed enforced on the S3 bucket. You can check this by reviewing the bucket settings or contacting AWS support for assistance.

Check CloudFront and S3 Logs: Examine the CloudFront access logs and S3 server access logs to gather more information about the specific request that resulted in the "403 Forbidden" error. Look for any relevant error codes or additional details that might shed light on the issue.

Confirm Security Group and Network Configuration: Ensure that your security group settings and network configurations allow the necessary traffic between CloudFront and the S3 bucket. Verify that there are no restrictions or firewall rules blocking the communication.