google storage buckets configuration main page - google-cloud-platform

I made a bucket lets call it my bucket. I gave "Legacy Storage Read" to this bucket and it means that it should not list the buckets but if someone knows the URL of specific files or folders inside the buckets they could visit it.
If I enter the only bucket address in URL I get access denied even though, I added index.html ( which is in the root of the bucket) as the main page in the bucket website configuration. Anyone has any idea why the bucket does not routed to index.html if I just go to the bucket URL?

Have you configured your permision? If this is not the case you can try below steps.
For full details you can refer to this link
In the Google Cloud Console, go to the Cloud Storage Browser page.
Go to Browser
Click the Bucket overflow menu () associated with the bucket to which you want to grant a member a role.
Choose Edit bucket permissions.
Click the + Add Members/Principal button.
In the New members field, enter one or more identities that need access to your bucket. If you want to serve your bucket to the public, then type allUsers
Select a role and grant Storage Legacy Object Reader(or roles) from the Select a role drop-down menu. You can check at (Legacy Role Permision reference).
Click Save.
Also, below steps is to route your bucket to desired html file.
For full details you can refer to this link Static website examples and tips
In the Google Cloud Console, go to the Cloud Storage Browser page.
Go to Browser
In the list of buckets, find the bucket you created.
Click the Bucket overflow menu () associated with the bucket and select Edit website configuration.
In the website configuration dialog, specify the main page and error page.
Click Save.
To learn how to get detailed error information about failed operations in the Cloud Storage browser, see Troubleshooting.

It seems like you are trying to connect directly to the object URL in your bucket.
If your goal is to setup a static website you have to configure the permissions of your bucket so it is accessible to the public and the set up a Load Balancer to serve it.
To configure the permissions for your bucket you can follow the steps here.
You can test if they are properly configured by trying to access the object with their URL http://storage.googleapis.com/BUCKET_NAME/OBJECT_NAME, I recommend using a Incognito window to make sure it is accessible for all users.
Once you have configured the permissions you have to configure the Load Balancer, which you can do following this guide.
Please note that even though the guide says you need a domain you can test this feature by leaving the "Frontend configuration" as default and connecting directly to the Load Balancer IP address.
The changes to the "Edit website configuration" option in the buckets are applied to the Load Balancer.

Related

How should I set Google Cloud bucket permissions so that the files in it are publicly accessible via URL, but bucket structure is not accessible?

I have a Google Bucket that requires the files in it to be publicly accessible with direct URL. I set access to "allUsers"
However, I noticed that URL https://console.cloud.google.com/storage/browser/{bucket_name} opens when I use my other gmail account and I can see the entire bucket structure, read only.
How to properly set permissions so that other google account cannot access it?
Thank you!
Follow the below steps to make files in the bucket are publicly accessible via URL, but bucket structure is not accessible.
step -1:
While creating a bucket give the access control as fine grained or if you have already created a bucket change the access control from Uniform to Fine Grained.
Above step enable the ACL’s(Access control lists) for the object.
Step-2:
We need to set ACL’s for the object in the bucket.
1.Go to the Cloud Storage browser in the Google Cloud console.
2.Navigate to the object whose ACL you want to modify.
3.Choose Edit access from the more actions menu (3 dots on right side of the object) associated with the object.
4.Click Add item.
5.Give entity, name and Access as public, All users and reader respectively as shown in below image.
Click save.
Step-3:
https://console.cloud.google.com/storage/browser/{bucket_name}, Now from this URL all users cannot access the bucket.
Now select the object which you want to share, choose the copy public url from the more actions menu associated with the object. The url will be as (https://storage.googleapis.com/demobucket-0/Screenshot%202022-09-13%202.00.31%20PM.png), Now from this url anyone can access the object but cannot view the bucket details or structure.

Access Denied when accessing a page in a CloudFront Amazon S3 static website

I've deployed an Angular static website to Amazon S3 and used Cloudfront for it. When I'am accessing the default page myurl.com/ everything works fine and I can navigate through pages. But if I go to a certain page directly myurl.com/posts for example I get an access denied with cloudfront. If I do it with the amazon s3 website endpoint I get a 404 response.
S3
Cloudfront
The documentation states that a 403 will be returned in CloudFront for a number of reasons. One of the resolutions is The requested objects must exist in the bucket..
As you're trying to access an object that does not exist CloudFront may be turning this into the 403 that you are receiving.
You should attempt accessing a key that does exist only, and configure your s3 endpoint to use an error document for times when the page does not exist.
in my case, I set a default root object and things worked, after waiting for about 10 minutes so the setting changes sync.
http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/DefaultRootObject.html
To specify a default root object using the CloudFront console:
Sign in to the AWS Management Console and open the Amazon CloudFront console at https://console.aws.amazon.com/cloudfront/.
In the list of distributions in the top pane, select the distribution to update.
In the Distribution Details pane, on the General tab, click Edit.
In the Edit Distribution dialog box, in the Default Root Object field, enter the file name of the default root object.
Enter only the object name, for example, index.html. Do not add a / before the object name.
To save your changes, click Yes, Edit.

Hosting react app on aws S3

I am trying to host my static application on aws s3 bucket. I have put my build folder files in bucket. It looks like this
But when I go to .s3-website..amazonaws.com index.jade gets downloaded instead of webapp getting opened.
I followed this tutorial https://www.fullstackreact.com/articles/deploying-a-react-app-to-s3/
How can I get my web app work?
Update:
When I changed content type of index.jade to text/html, the browser shows html text like this
Here is how I edit metadata key in aws console
now there is no download. But still web page is not getting served.
You need to enable static site hosting on your S3 bucket. To enable website hosting for an Amazon S3 bucket
Sign in to the AWS Management Console and open the Amazon S3 console at https://console.aws.amazon.com/s3/.
In the list, choose the bucket that you want to use for your hosted website.
Choose the Properties tab.
Choose Static website hosting, and then choose Use this bucket to host a website.
You are prompted to provide the index document and any optional error documents and redirection rules that are needed.
Make sure to keep your bucket ACL as public. Also you need to parse your jade files to html.

Using a visit counter for a site hosted in Amazon's AWS S3

I am hosting a website using Amazon S3 and Route 53 as part of their Amazon Web Services. The site is up and running fine but would like to be able to easily keep track of how many people visit the site?
I know you have resolved this, but I hope it will help someone else.
Below is a copy/paste from relevant page of AWS site made on Nov 18 (use this link to page for latest version) :
If you want to track the number of visitors who access your website, enable logging for the root domain bucket. Enabling logging is optional.
To enable logging for your root domain bucket
Open the Amazon S3 console at https://console.aws.amazon.com/s3/.
Create a bucket for logging named logs.example.com in the same AWS Region that the example.com and www.example.com buckets were created in.
Create two folders in the logs.example.com bucket; one named root, and the other named cdn. If you configure Amazon CloudFront to speed up your website, you will use the cdn folder.
In the Bucket name list, choose your root domain bucket, choose Properties, and then choose Server access logging.
Choose Enable logging.
For Target bucket, choose the bucket that you created for the log files, logs.example.com.
For Target prefix, type root/. This setting groups the log data files in the bucket in a folder named root so that they are easy to locate.
Choose Save.
You can now review your logs in the logs.example.com bucket, in both the root and cdn folders.
You can use any third-party counter in exactly the same way you would have it on non-S3 site. Do you experience any problem with any particular counter?

Host index.html in subfolders of S3 Bucket

Static website hosting is working in the root directory, but this is not working for me:
my.bucket/index.html
my.bucket/subfolder/index.html
https://s3-eu-west-1.amazonaws.com/my.bucket works as expected
https://s3-eu-west-1.amazonaws.com/my.bucket/subfolder doesn't work (Access Denied)
Is this possible?
There are (at least) three ways to access a static website hosted in AWS.
The S3 bucket name
The CDN name. (which is what the "host a static website" wizard tells you to use)
The "Static website hosting endpoint" which is listed on the S3 bucket management page
Only the "static website hosting endpoint" filters incoming requests to give Apache like behaviour; S3 is a RESTful API for storing files with no concept of subfolders.
If you have used the wizard, there is "Manage file in S3" in tiny text at the bottom left of the screen, which will open up the correct page in the console for you, then click the 'properties' button.
You need to modify the permissions of the sub-folder as well to make it publicly accessible.