I have set up an AWS S3 bucket to host a static website with my own URL. All permissions on the bucket and the files inside are public. I confirmed this by opening the public link for the index.html page. When I type in my URL (ianpritchard.com), I get an internal server error. I put logging on the bucket, and see an access denied on my request. Does anyone have any idea why? I did set up A records in my hosted zone.
<Error>
<Code>AccessDenied</Code>
<Message>Access Denied</Message>
<RequestId>xxx</RequestId>
<HostId> xxxx </HostId>
</Error>
The bucket policy is here -
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "PublicReadGetObject",
"Effect": "Allow",
"Principal": "",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::xxxx/"
}
]
}
The problem with your setup is that your IP is pointing to a corporate IP instead of AWS.
There is a clean setup procedure given by AWS for hosting domains,
https://docs.aws.amazon.com/AmazonS3/latest/dev/website-hosting-custom-domain-walkthrough.html
in 4 steps.
Before You Begin
Step 1: Register a Domain
Step 2: Create and Configure Buckets and Upload Data
Step 3: Add Alias Records for example.com and www.example.com
Step 4: Testing
Hope it helps.
Your policy looks odd; resource should be xxx/* and principal should be *:
{
"Version":"2012-10-17",
"Statement":[
{
"Sid":"publicRead",
"Effect":"Allow",
"Principal": "*",
"Action":["s3:GetObject"],
"Resource":["arn:aws:s3:::xxxx/*"]
}
]
}
See some example here
Not sure why/how you're able to get index.html, post your public link for the index.html page:
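The two defects named in this answer, an empty Principal and a Resource with no key pattern after the bucket name, can be checked mechanically before a policy is saved. The following Python is an added example, not part of the original answers; `lint_bucket_policy` and its finding labels are hypothetical, and the two sample policies are reconstructed from the ones quoted above.

```python
import json

S3_ARN = "arn:aws:s3:::"
# Object-level actions must target an object ARN (bucket/key or bucket/*).
# Assumption: this small subset of actions is enough for the illustration.
OBJECT_ACTIONS = {"s3:getobject", "s3:putobject", "s3:deleteobject"}

def as_list(value):
    return value if isinstance(value, list) else [value]

def lint_bucket_policy(policy_text):
    """Return (Sid, finding) pairs for the mistakes discussed on this page."""
    findings = []
    for stmt in as_list(json.loads(policy_text).get("Statement", [])):
        sid = stmt.get("Sid", "<no Sid>")
        principal = stmt.get("Principal")
        actions = {a.lower() for a in as_list(stmt.get("Action", []))}
        # An empty Principal names no one the statement could apply to.
        if "NotPrincipal" not in stmt and principal in ("", None, {}, []):
            findings.append((sid, "empty-principal"))
        for arn in as_list(stmt.get("Resource", [])):
            if not arn.startswith(S3_ARN):
                findings.append((sid, "not-an-s3-arn"))
                continue
            _bucket, _sep, key = arn[len(S3_ARN):].partition("/")
            # "bucket" or "bucket/" names no object key, so an object-level
            # action such as s3:GetObject has nothing to match.
            if actions & OBJECT_ACTIONS and not key:
                findings.append((sid, "object-action-without-key-pattern"))
        # Defensive check: an anonymous Allow should grant nothing beyond reads.
        is_public = principal in ("*", {"AWS": "*"})
        if stmt.get("Effect") == "Allow" and is_public and actions - {"s3:getobject"}:
            findings.append((sid, "public-allow-beyond-getobject"))
    return findings

# Constructed samples: the policy as quoted in the question, and the corrected one.
QUESTION_POLICY = """{"Version": "2012-10-17", "Statement": [{
  "Sid": "PublicReadGetObject", "Effect": "Allow", "Principal": "",
  "Action": "s3:GetObject", "Resource": "arn:aws:s3:::xxxx/"}]}"""
FIXED_POLICY = """{"Version": "2012-10-17", "Statement": [{
  "Sid": "publicRead", "Effect": "Allow", "Principal": "*",
  "Action": ["s3:GetObject"], "Resource": ["arn:aws:s3:::xxxx/*"]}]}"""

if __name__ == "__main__":
    for name, text in (("question", QUESTION_POLICY), ("fixed", FIXED_POLICY)):
        print(name, lint_bucket_policy(text))
```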
Related
I have a CloudFront distribution setup that points to an S3 bucket whose purpose is to host a website. Whenever I go to a nested page: /path1/path2, the page renders fine. If I refresh the page, I get presented with:
<Error>
<Code>AccessDenied</Code>
<Message>Access Denied</Message>
<RequestId>89F25EB47DDA64D5</RequestId>
<HostId>Z2xAduhEswbdBqTB/cgCggm/jVG24dPZjy1GScs9ak0w95rF4I0SnDnJrUKHHQC</HostId>
</Error>
The website is hosted on a private S3 bucket that can only be accessed via an OAI, that has the following permissions:
{
"Version": "2008-10-17",
"Statement": [
{
"Sid": "PolicyForCloudFrontPrivateContent",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity E1XXXXXXXXX"
},
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::frontend-bucket-XXXXXXXXXXXX/*"
},
{
"Sid": "Enforce SSL",
"Effect": "Deny",
"Principal": "*",
"Action": "s3:*",
"Resource": [
"arn:aws:s3:::frontend-bucket-XXXXXXXXXXXX",
"arn:aws:s3:::frontend-bucket-XXXXXXXXXXXX/*"
],
"Condition": {
"Bool": {
"aws:SecureTransport": "false"
}
}
}
]
}
I've read a tonne of StackOverflow questions about people experiencing the same issue. Here's what I've tried so far (nothing worked):
Changed bucket name from <website bucket>.s3.us-west-2.amazonaws.com to <website bucket>.s3-website-us-west-2.amazonaws.com
Added custom responses for 404 & 403 error to return a 200 response, with a response page path of /index.html and 0 TTL. Instead of returning an AccessDenied XML formatted page, it returns blank pages.
I've added an invalidation to the /* paths
Again, whenever I hit the URL of nested pages path the first time it works fine. If I'm just hitting the base URL with no nested paths, I don't run into this issue at all. When I refresh that same page, that's when things break. What am I doing wrong?
This is not an issue with CloudFront or S3 as long as you have made the objects in the S3 bucket public and CloudFront is pointing correctly. This is a very common case when people try to host React-based websites on an S3 bucket. This can be solved by multiple methods; one of them is:
While configuring your S3 bucket to be served as a static website, just point the error document to index.html.
I am trying to create an S3 bucket for my Next JS App to serve all images.
When going to the Object URL, I receive this error:
<Error>
<Code>AccessDenied</Code>
<Message>Access Denied</Message>
<RequestId>6SB4RB915NRGND12</RequestId>
<HostId>nPvYg2FlnBW9cmG+R4HmMI5K++WgIftGt/FO1WZ6IFZg2qwhAO+vbjC3AM698PP9+p8h5O1WlzU=</HostId>
</Error>
I have therefore, attempted to create an Access Policy for the s3 bucket directory, but have an issue on the Resource line:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowPublicRead",
"Principal": "*",
"Effect": "Allow",
"Action": ["s3:getObject"],
"Resource": ["arn:aws:s3:::hiredinchina-images/*"]
}
]
}
The issue: "Unsupported Resource ARN In Policy"
Bonus: If you could also help me just make these objects available for my website, that'd be even better. Any tips welcomed. This is my first attempt.
I think you should remove the [] in the resource line.
If you want to use S3 to host website, there are a lot of blogs for that. For NextJS with S3, you can read here: https://dev.to/parmentierchristophe/how-to-deploy-static-next-js-to-aws-s3-1d4f
I'm trying to setup Cloudfront to give customers read access to private files in s3 using signed cookies. I'm however getting the error NoSuchBucket and strangely the cloudfront domain as the BucketName. During troubleshooting, I tried to eliminate any possible complication and have now a simple public s3 bucket called "abc" and can access a file I uploaded via http://abc.s3.eu-central-1.amazonaws.com/test.txt.
For the distribution, I also made it as simple as possible - I selected the s3 bucket, but left all other settings as default. The domain name is dxyz.cloudfront.net. The only other thing I did was to create an Origin access identity and add a bucket policy:
{
"Version": "2012-10-17",
"Id": "PolicyForCloudFrontPrivateContent",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity EFG"
},
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::abc/*"
}
]
}
EFG being the ID of the OAI.
The error is
<?xml version="1.0" encoding="UTF-8"?>
<Error>
<Code>NoSuchBucket</Code>
<Message>The specified bucket does not exist</Message>
<BucketName>dxyz.cloudfront.net</BucketName>
<RequestId>F123</RequestId>
<HostId>random_characters</HostId>
</Error>
The bucket is set up in eu-central-1 - just in case that matters.
Any ideas, any hints?
thanks
I had the same problem. Following Michael's suggestion in his comment, I switched to legacy caching and left everything default so only GET/HEAD were cached. Totally resolved the issue.
I want to make my AWS bucket public. I have uploaded some images and now I want to access them all using the backend, but the object URL is not working in any case.
Already tried:
Made the bucket policy public.
'Public access' already enabled.
Disabled 'Block all public access'.
Uploaded using a Flutter app.
<Error>
<Code>AccessDenied</Code>
<Message>Access Denied</Message>
<RequestId>13CF32E47FC7A79D</RequestId>
<HostId>z5CK+xZJJwb15rP/JKyRXnw13XPvO/qwpdeXpcphehm3bE6Tl89qGN/+wiK3m+QcTA0/ESV+/uY=</HostId>
</Error>
How can I grant public read access to some objects in my Amazon S3 bucket?
You need to make the bucket public and add a bucket policy in your bucket's Permissions settings. Example:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AddPerm",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::bucket-name-example/*"
}
]
}
I created an S3 bucket, and set it up as a Static Website as instructed in http://docs.aws.amazon.com/AmazonS3/latest/dev/website-hosting-custom-domain-walkthrough.html
Afterwards, the basic domain is returning an AccessDenied:
http://www.mydomain.com.s3-us-west-1.amazonaws.com/
However, my index page serves just fine:
http://www.mydomain.com.s3-us-west-1.amazonaws.com/index.html
So it isn't related to the permissions of the files in the bucket (those are public now)
I get the feeling that I am missing a piece that links http://www.mydomain.com.s3-us-west-1.amazonaws.com/ to http://www.mydomain.com.s3-us-west-1.amazonaws.com/index.html, yet the docs read as though the "Static Web Hosting" property should do it all as long as you specify the index.html and error.html.
My bucket policy is standard:
{
"Version": "2012-10-17",
"Id": "PublicBucketPolicy",
"Statement": [
{
"Sid": "Stmt1482880670019",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::www.mydomain.com/*"
}
]
}
Note: I didn't do the Route 53 setup, because I want to direct my website's DNS CNAME to www.mydomain.com.s3-us-west-1.amazonaws.com once I see it working.
Your endpoint is wrong: www.mydomain.com.s3-eu-west-1.amazonaws.com
It looks like you configured your bucket in eu-west-1, but you are referencing us-west-1.
However, you are not using the correct URL for S3 web site. The URL must have "s3-website-" in the name like this example:
www.mydomain.com.s3-website-eu-west-1.amazonaws.com
Start over with this document and double check each step:
Setting up a Static Website Using a Custom Domain
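Both points in this answer, the region in the hostname and the REST endpoint versus the "s3-website-" endpoint, can be read off the hostname itself. The following Python is an added example, not part of the original answer; `classify_s3_host`, `diagnose` and the finding labels are hypothetical, and the hostnames used are the ones quoted in the threads above.

```python
import re

# Virtual-hosted S3 hostnames: <bucket>.s3[-website](-|.)<region>.amazonaws.com
S3_HOST = re.compile(
    r"^(?P<bucket>.+)\.s3(?P<website>-website)?[-.]"
    r"(?P<region>[a-z]{2}(?:-[a-z]+)+-\d)\.amazonaws\.com$"
)

def classify_s3_host(host):
    """Split an S3 hostname into bucket, region and endpoint kind, or None."""
    m = S3_HOST.match(host.lower())
    if m is None:
        return None
    kind = "website" if m.group("website") else "rest"
    return {"bucket": m.group("bucket"), "region": m.group("region"), "kind": kind}

def diagnose(host, path, bucket_region=None):
    """Return findings that explain an AccessDenied on a static-site request."""
    info = classify_s3_host(host)
    if info is None:
        return ["not-an-s3-endpoint"]
    findings = []
    # The region in the hostname must be the region the bucket was created in.
    if bucket_region and info["region"] != bucket_region:
        findings.append("region-mismatch")
    if info["kind"] == "rest":
        if path in ("", "/"):
            # GET / on the REST endpoint is a bucket listing, which a policy
            # granting only s3:GetObject does not allow. Only the website
            # endpoint maps / to the configured index document.
            findings.append("rest-root-is-bucket-listing")
        elif path.endswith("/"):
            # The REST endpoint treats "dir/" as a literal object key and
            # never appends the index document.
            findings.append("rest-no-index-document")
    return findings

if __name__ == "__main__":
    for host in ("www.mydomain.com.s3-us-west-1.amazonaws.com",
                 "www.mydomain.com.s3-website-eu-west-1.amazonaws.com"):
        print(host, diagnose(host, "/", bucket_region="eu-west-1"))
```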