403 Forbidden when trying to upload through CloudFont to S3 Bucket Min TLS 1.2 Enforced

0

Hi, We have an app that uses TLS1.0 to communicate with an S3 bucket. We are trying to implement a CloudFront distribution as per https://repost.aws/knowledge-center/s3-access-old-tls to handle the requests once TLS1.2 is enforced. When we test through Postman and by enforcing Min TLS1.2 on the bucket we receive:

"$id": "1",

"Message": "An error has occurred.",

"ExceptionMessage": "Access Denied",

"ExceptionType": "Amazon.S3.AmazonS3Exception",

--- Stack Trace Removed due to size ----

"InnerException": {

    "$id": "2",

    "Message": "An error has occurred.",

    "ExceptionMessage": "The remote server returned an error: (403) Forbidden.",

With a Min TLS 1.2 enabled on the bucket we are able to retrieve files from the bucket through the CloudFront domain name.

Any help with this would be greatly appreciated.

Thank you.

ABIS-AW
已提問 1 年前檢視次數 540 次
1 個回答
0

When you receive a "403 Forbidden" error message when trying to upload files through CloudFront to an S3 bucket with minimum TLS 1.2 enforcement, it usually indicates that there is an issue with the permissions or configurations in your setup.

Verify CloudFront Configuration: Ensure that you have correctly configured your CloudFront distribution to use the correct origin (the S3 bucket). Double-check the CloudFront settings, including the origin domain name, origin path, and any cache behaviors or restrictions that might be in place.

Review S3 Bucket Policies and Permissions: Make sure that the IAM user or role associated with your CloudFront distribution has the necessary permissions to access and upload files to the S3 bucket. Check the bucket policies and access control lists (ACLs) to ensure they allow the appropriate actions (e.g., PutObject) for the IAM entity associated with CloudFront.

Verify TLS 1.2 Enforced: Confirm that TLS 1.2 is indeed enforced on the S3 bucket. You can check this by reviewing the bucket settings or contacting AWS support for assistance.

Check CloudFront and S3 Logs: Examine the CloudFront access logs and S3 server access logs to gather more information about the specific request that resulted in the "403 Forbidden" error. Look for any relevant error codes or additional details that might shed light on the issue.

Confirm Security Group and Network Configuration: Ensure that your security group settings and network configurations allow the necessary traffic between CloudFront and the S3 bucket. Verify that there are no restrictions or firewall rules blocking the communication.

profile picture
專家
已回答 1 年前

您尚未登入。 登入 去張貼答案。

一個好的回答可以清楚地回答問題並提供建設性的意見回饋,同時有助於提問者的專業成長。

回答問題指南