I deploy a simple web app to S3
via amplify publish
. The hosting has Cloudfront
enabled (I selected the PROD environment in amplify while setting up hosting) and I'm working in the eu-central-1
region. But whenever I try to access the Cloudfront
URL, I receive an AccessDenied
error.
I followed a tutorial at https://medium.com/quasar-framework/creating-a-quasar-framework-application-with-aws-amplify-services-part-1-4-9a795f38e16d an the only thing I did differently was the region (tutorial uses us-east-1
while I use eu-central-1
).
The config of S3 and Cloudfront was done by amplify and so should be working in theory:
Cloudfront:
- Origin Domain Name or Path:
quasar-demo-hosting-bucket-dev.s3-eu-central-1.amazonaws.com
(originally it was without theeu-central-1
, but I added it manually after it didn't work). - Origin ID:
hostingS3Bucket
- Origin Type:
S3 Origin
S3 Bucket Policy:
{
"Version": "2012-10-17",
"Id": "MyPolicy",
"Statement": [
{
"Sid": "APIReadForGetBucketObjects",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity ********"
},
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::quasar-demo-hosting-bucket-dev/*"
}
]
}
Research showed me that Cloudfront
can have temporary trouble to access S3
buckets in other regions. But I manually added the region to the origin in Cloudfront
AND I have waited for 24h. I still get the "access denied".
I suspect this has something to do with the S3
bucket not being in the default us-east-1
region and amplify not setting up Cloudfront
correctly in that case.
How can I get amplify to set the S3
bucket and Cloudfront
up correctly so that I can access my website through the Cloudfront
URL?
amplify
. The only thing I changed (after it didn't work) was to add theeu-central-1
part to the S3 path configured in Cloudfront. – morgler