AWS Cloudfront returns 403 but S3 returns 200

0
votes

I have an S3 bucket that is public and I am currently using it to serve files on a web application. However, for performance and cost improvements I'm working on setting up AWS Cloudfront to serve the files.

The setup instructions are pretty simple so I kept all the defaults and selected the bucket that I would like to serve with Cloudfront. The origin is setup like an API bucket.s3.amazon.com.

If I put a url with the cloudfront domain into a browser I get a 403
uniqueid.cloudfront.net/visual/filename.jpg

If I put the S3 url into a browser it works
bucket-name.s3.amazon.com

Most troubleshooting forums say to check the S3 policy but its clearly a Cloudfront issue rather than an S3 Policy issue. Some forums say I need to setup the Cloudfront domain with my DNS provider as a CNAME record but I assumed that was only if I was serving my website from Cloudfront which I am not.

Any ideas why I'm getting a 403?

1
amazon-web-servicesamazon-s3amazon-cloudfront

1 Answers

0
votes

I found an answer: AWS CloudFront access denied to S3 bucket

Specifically: Created an Amazon CloudFront web distribution:

  • Origin Domain Name: Selected my S3 bucket from the list
  • Restrict Bucket Access: Yes
  • Origin Access Identity: Create a New Identity
  • Grant Read Permissions on Bucket: Yes, Update Bucket Policy

Previously I had Restrict Bucket Access set to No which I thought would actually make the permissions less strict so it would work. However, by selecting Yes you can ensure that only your cloudfront URLs are used to access the bucket assets.