amazon cloudfront Error "AccessDenied"

Question

This is my code i am getting Access Denied message. Anyone tell me how to fix this.

My Bucket Policy

"cloudfront:user/CloudFront Origin Access Identity [ID]" with s3.

Bucket Policy Resource

"Resource": "arn:aws:s3:::bucket_name/*"

use Aws\CloudFront\CloudFrontClient;
require 'vendor/autoload.php';

$cloudFront = CloudFrontClient::factory([
    'version' => 'latest',
    'region'  => 'ap-south-1'
]);

// Setup parameter values for the resource
$streamHostUrl = 'http://example.cloudfront.net';
$resourceKey = 'Bucket/1.jpg';
$expires = new DateTime('+1 minute');

// Create a signed URL for the resource using the canned policy
$url = $cloudFront->getSignedUrl([
    'url'         => $streamHostUrl . '/' . $resourceKey,
    'expires'     => $expires->getTimestamp(),
    'private_key' => 'pk-private_key.pem',
    'key_pair_id' => '<key_pair_id>'
]);

echo $url;

Error "AccessDenied"

<Error>
<Code>AccessDenied</Code>
<Message>Access Denied</Message>
<RequestId>EE8B43497F516AD3</RequestId>
<HostId>
jghWRjO1Rnvv0/hRaeBS4pThCFJcGN26r3wDcMAiyqWeVHRVLbNaSUiIQmR7dDiQus/j8QjUWhM=
</HostId>
</Error>

It seems like the problem is with the bucket policy. Can we see the entire bucket policy (except your actual origin access id)? — Michael - sqlbot
{ "Version": "2008-10-17", "Id": "PolicyForCloudFrontPrivateContent", "Statement": [ { "Sid": "1", "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity XXXXXXXXXXXXXX" }, "Action": "s3:GetObject", "Resource": "arn:aws:s3:::bucket_name/*" } ] } — Ayan Chakraborty

Ayan Chakraborty Ayan Chakraborty · Accepted Answer · 2016-11-11T09:54:11

I am fix this problem

change it

$resourceKey = 'Bucket/1.jpg'

To

$resourceKey = '1.jpg';

amazon cloudfront Error "AccessDenied"

1 Answers