I've set up an example static website on Amazon S3 and I added a custom folder to it with file inside: custom-folder/index.html, but
I'm getting Access Denied error when trying to access url /custom-folder.
The index document is configured to be index.html, so S3 should serve index.html when I'm accessing /custom-folder url, but it doesn't work.
How can I fix this?
It seems you are using the wrong URL to access the bucket.
For example, when you enable to static website hosting feature in S3 (us-west-2 in this example), you are given a URL with the following format:
Endpoint : http://bucket-name.s3-website-us-west-2.amazonaws.com
You can see your endpoint by going to S3 > Click on your bucket > Bucket Properties > Static website hosting > should reveal your endpoint.
In case it helps anyone else, I was using a AWS Cloudfront Distribution on top of an S3 bucket.
The solution to the "Access Denied" issue for me was to perform the / to /index.html redirect in Cloudfront (rather than S3).
This is achieved by setting the "Default Root Object" to index.html on the AWS Cloudfront Distribution (and disabling "Static website hosting" entirely in S3).
Related
I am unable to access S3 objects and Bucket via cloud front URL.
I have created CLOUDFRONT Distribution ( Web ) and setup origin path to media folder in my S3 bucket. ( /media)
CF url is pointing to bucket/media , but i am unable to access it from my web application as well as browser.
I am trying to access like below:
http://d1xdpXXXXX.cloudfront.net/media/images/Tiger.jpg
Tiger.jpg can be accessed via s3 url.
I also tried http://d1xdpXXXXX.cloudfront.net but i am getting below error:
<Error>
<Code>NoSuchBucket</Code>
<Message>The specified bucket does not exist</Message>
<BucketName>d1xdpwiqgrffrd.cloudfront.net</BucketName>
<RequestId>484BBB2F7907172F</RequestId>
<HostId>+bLr4Qx+uawbq4YNIOuKGCQVDGQQQsifGnNt9J5Pn+r3mqbDiVYcpNZRUfnCyPnHxewfMVp3QYc=</HostId>
</Error>
Please help.
CF Distribution settings
Access denied error
You have already added the path in cloudfront origin.
So, you don't have to add that in cloudfront url you are using to download.
Just use
http://d1xdpXXXXX.cloudfront.net/images/Tiger.jpg
as /media is already part of the distribution.
Following is what I'm doing. I'm generating a pre-signed URL using a custom domain for my s3 bucket resources which are not public.
https://files.customdomain.com/file123?AWSAccessKeyId=XXX&Expires=1541220685&Signature=XXXX
Also to add the certificate I've created a cloudfront distribution for the bucket having following origin settings
Origin Domain Name: bucket-name.s3.amazonaws.com
Origin Id : s3.bucket-name
Restrict Bucket Access: No
Yet I'm unable to access my resources. Throws access denied error. Any help would be appreciated.
There are two cases:
If your bucket has regular name.
In this case you should use CloudFront to access your bucket.
And like mentioned above URL looks like in this answer:
https://cloudfront-url/file123?AWSAccessKeyId=XXX&Expires=1541220685&Signature=XXXX
If your bucket has s3 static website name.
In this case your bucket name looks like files.customdomain.com and you can generate pre-signed url for this bucket:
https://files.customdomain.com/file123?AWSAccessKeyId=XXX&Expires=1541220685&Signature=XXXX
In your DNS you will have CNAME files.customdomain.com points to files.customdomain.com.s3.[bucket-region].amazonaws.com.
NOTICE
When I generate pre-signed URL via aws-cli:
aws s3 presign s3://files.customdomain.com/file123 --endpoint-url https://files.customdomain.com
I get URL with duplicate bucket name in the path:
https://files.customdomain.com/files.customdomain.com/file123?AWSAccessKeyId=XXX&Expires=1541220685&Signature=XXXX
instead of:
https://files.customdomain.com/file123?AWSAccessKeyId=XXX&Expires=1541220685&Signature=XXXX
I don't know if it has the same behavior via SDK.
Have you tried initializing S3 with the custom url var S3 = new AWS.S3({endpoint: 'media.domain.com', s3BucketEndpoint: true});
More info https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/S3.html
Also, make sure signature is correct as well https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html#specify-signature-version
Ref : https://github.com/aws/aws-sdk-js/issues/891
When using S3 with CloudFront, you don't want an S3 signed URL... you want a CloudFront signed URL.
Read Configuring Security and Limiting Access to Content in the CloudFront developer guide.
I found a solution for this question. The signed url needs to be generated for cloudfront url endpoint from s3 bucket. Therefore instead of
https://files.customdomain.com/file123?AWSAccessKeyId=XXX&Expires=1541220685&Signature=XXXX
it needs to be
https://cloudfront-url/file123?AWSAccessKeyId=XXX&Expires=1541220685&Signature=XXXX
and DNS records had to resolve custom domain to cloudfront url.
I have created a record set for my webiste volcalc.io and www.volcalc.io which is stored in an s3 bucket.
When I try to browse to the website I see this error:
404 Not Found
Code: NoSuchBucket
Message: The specified bucket does not exist
BucketName: volcalc.io
RequestId: xxx
HostId: xxx
The bucket name is www.volcalc.io, not volcalc.io
How do I change it to make it look for bucket named www.volcalc.io?
See Setting Up a Static Website Using a Custom Domain.
To allow requests for both example.com and www.example.com, you need to create two buckets even though you will host content in only one of them. You will need to configure the other bucket to redirect requests to the bucket that hosts the content.
i am trying to access cloudfront to s3 bucket object response "AccessDenied".
xxxxxxxxxxxxx.cloudfront.net/bucket_name/35.jpg
inside bucket i can access url this is "public" url.
https://s3.ap-south-1.amazonaws.com/bucket_name/35.jpg
I am also try another bucket with another cloudfront ID with signed URL result is same. Please view code here =>
amazon cloudfront Error "AccessDenied"
You should:
Configure your CloudFront distribution with an Origin to point to your S3 bucket
Access the content via: xxxx.cloudfront.net/35.jpg
See:
Using Amazon S3 Origins and Custom Origins for Web Distributions
Using CloudFront with Amazon S3
Task List for Creating a Web Distribution
I have hosted static website on S3 bucket on that link "http://buck.mybuck.s3-website-eu-west-1.amazonaws.com/" now i want to restrict access on images folder "url/images/*" , so that other user can not access directly from URL.
is it possible to configure on CORS ? if yes then how ?