简体繁体 English

AWS Route 53 与 Cloudfront 集成错误 (403)

[英]AWS Route 53 integration with Cloudfront error (403)

原文 2017-10-25 15:14:27 2 3 amazon-web-services/ amazon-s3/ amazon-cloudfront/ amazon-route53

I deployed a react app to AWS recently after following this tutorial , everything is working fine except when I wanted to integrate a custom domain that I bought recently using AWS Route 53, I get an error (403).在遵循本教程后，我最近向 AWS 部署了一个 React 应用程序，一切正常，除非我想集成我最近使用 AWS Route 53 购买的自定义域时，出现错误 (403)。

For the integration of Route 53 with CloudFront I followed these steps in the docs as they are, I know that my problem is related to some sort of permission authority, but I don't know where exactly I did something wrong.对于 Route 53 与 CloudFront 的集成，我按照文档中的这些步骤进行了操作，我知道我的问题与某种权限有关，但我不知道我到底做错了什么。

3 个解决方案

已解决，我的问题与CloudFront分配的未分配备用域名 (CNAME)有关。

Adding additional information regarding the two answers above.添加有关上述两个答案的其他信息。

As described in How do I resolve the error "The request could not be satisfied. Bad Request" from Amazon CloudFront :如我如何解决来自 Amazon CloudFront 的错误“无法满足请求。错误的请求”中所述：

This error message "The request could not be satisfied. Bad Request."此错误消息“无法满足请求。请求错误。” is from the client and the error can occur due to one of the following reasons:来自客户端，错误可能由于以下原因之一而发生：

1) The request is initiated over HTTP, but the CloudFront distribution is configured to allow only HTTPS requests. 1) 请求通过 HTTP 发起，但 CloudFront 分配配置为仅允许 HTTPS 请求。

2) The requested alternate domain name (CNAME) isn't associated with the CloudFront distribution. 2) 请求的备用域名 (CNAME) 与 CloudFront 分配无关。

Solution for #1 : #1 的解决方案：
Open the Amazon CloudFront console -> Select the relevant distribution -> Go Behaviors view -> Choose the behavior that matches the request and Edit -> Then select in the Viewer Protocol Policy between the options of: HTTP and HTTPS or Redirect HTTP to HTTPS .打开 Amazon CloudFront 控制台 -> 选择相关分配 -> 转到行为视图 -> 选择与请求匹配的行为和编辑 -> 然后在查看器协议策略中选择以下选项： HTTP and HTTPS或Redirect HTTP to HTTPS 。

Solution for #2 : #2 的解决方案：
Since this release when you add an alternate domain name to a distribution, you must also attach a SSL/TLS certificate to that distribution that covers the alternate domain name.自此版本起，当您将备用域名添加到分配时，您还必须将 SSL/TLS 证书附加到该分配以覆盖备用域名。

So, first of all make sure that you do the following before you update your distribution to add an alternate domain name:因此，首先请确保在更新您的发行版以添加备用域名之前执行以下操作：

A) Register the domain name with domain provider (GoDadday, CloudFlare, Route 53 etc'). A) 向域名提供商（GoDadday、CloudFlare、Route 53 等）注册域名。

B) Add a certificate from an authorized certificate authority (for example - Let's Encrypt ) to CloudFront that covers the domain name you plan to use with the distribution, to validate that you are authorized to use the domain. B) 将来自授权证书颁发机构（例如 - Let's Encrypt ）的证书添加到 CloudFront，该证书涵盖您计划用于分配的域名，以验证您是否有权使用该域。 (Read more in here ). （在此处阅读更多信息）。

And only then:只有这样：
Open Amazon CloudFront console -> General view -> Edit -> Alternate Domain Names (CNAMEs) -> enter the CNAME that you want to associate with the CloudFront distribution (for example www or home ).打开 Amazon CloudFront 控制台 -> 常规视图 -> 编辑 -> 备用域名 (CNAME) -> 输入要与 CloudFront 分配关联的 CNAME（例如www或home ）。