I am trying to use an S3 bucket to redirect from one website to another. The redirect from "http://example.com" works, but I can't get the redirect from "https://example.com", "http://www.example.com" or "https://www.example.com" to work.
I have an S3 bucket called "example.com". I then created a Cloudfront distribution, attached the custom SSL certificate, and added "example.com" and "www.example.com" as Alternate Domain Names.
I'm getting this access denied message:
I'm assuming that I am not doing something correctly on the policy settings for the S3 bucket. Any guidance?
I am using the following bucket policy:
I am not currently using the "Access Control List".
CodePudding user response:
For the Cloudfront Distribution redirection to https, it is necessary to configure ACM SSL certificates. provision a certificate exactly for the subdomain.example.com and use the same alternate domain name subdomain.example.com unless there would be an SSL handshake error.
- Select your Origin domain and path
- In the origin access -> use Origin access control settings (recommended) -> Origin access control -> Create Control Settings -> Copy the bucket policy from this screen and update it to your s3 bucket policy.
- Follow the behavior settings as follows: specify your Origin and origin groups
CodePudding user response:
Basically, there are 2 approaches that you can setup CloudFront with S3.
- Your S3 bucket is public accessible and CloudFront origin with S3 is public
- Ensure your S3 bucket does not having enabled Block Public Access
- Ensure your S3 bucket policy is having Public Read Access
- Ensure you can access your S3 bucket object publicly via your web-browser
- Ensure you have configured your CloudFront origin with S3 using Public mode
- Your S3 bucket is private and CloudFront origin must be configured with access control
- Ensure your S3 bucket is having enabled Block Public Access
- Ensure your S3 bucket policy is added with correct policy.
- Ensure you have configured your CloudFront origin with S3 using one of Access control mode, such as OAC
For testing, you can try the Public approach, but for better secure, you can follow the approach from Zeeshan comment.