从自定义域访问 static 站点时出现 403(禁止)错误
[英]Getting 403 (Forbidden) error when accessing static site from custom domain
问题描述
I'm setting up a static site on S3 and Cloudfront.
我正在 S3 和 Cloudfront 上设置 static 站点。 I've setup SSL, etc. on Cloudfront and I can access the site using the *.cloudfront.net URL.我已经在 Cloudfront 上设置了 SSL 等,我可以使用 *.cloudfront.net URL 访问该站点。 However, when accessing from the custom domain, I get the 403 error.但是,从自定义域访问时,出现 403 错误。 Does anyone know why?有谁知道为什么? The bucket policy is as follows:桶策略如下:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "2",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity XXXXXXXX"
},
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::www.mydomain.com/*"
}
]
}
This should permit access from the custom domain mydomain.com, right?这应该允许从自定义域 mydomain.com 进行访问,对吧?
For the sake of testing, I've tried setting "Principal": "*" , but it still gives 403.为了测试,我尝试设置"Principal": "*" ,但它仍然给出 403。
Any help appreciated.任何帮助表示赞赏。
3 个解决方案
解决方案1
0 2020-04-15 05:35:11
The issue is looks like caused by "Object is not publicly available for read".该问题看起来像是由“对象不可公开读取”引起的。
By default S3 Buckets are set to "block all public access."默认情况下,S3 存储桶设置为“阻止所有公共访问”。 So you need to check if it's disabled.所以你需要检查它是否被禁用。
And then You can configure your objects to be publicly available which can be done in 2 ways:然后您可以将您的对象配置为公开可用,这可以通过两种方式完成:
- Bucket Level Restriction via Policy 通过策略限制存储桶级别
- Object Level Restriction (in case you have a use case that requires granular control) Object 级别限制(如果您有需要精细控制的用例)
Lastly if you have scripts that uploads those contents you can also utilize this scripts to append restriction policy on demand.最后,如果您有上传这些内容的脚本,您也可以根据需要将此脚本用于 append 限制策略。
aws s3 cp /path/to/file s3://sample_bucket --acl public-read
解决方案2
0 已采纳 2020-04-15 10:23:16
I've fixed it now.我现在已经修好了。 I've mistakenly left 'Alternate Domain Names' blank.我错误地将“备用域名”留空。
解决方案3
0 2021-07-10 06:04:21
I know this is an older question, but I figured I'd add on for future searchers: make sure that (as of mid-2021) your Cloudfront origins are configured to hit example.com.s3-website-us-east-1.amazonaws.com instead of example.com.s3.amazonaws.com once you set your S3 bucket up for static website hosting - I got tripped up because (again, as of mid-2021) the Cloudfront UI suggests the latter, incorrect S3 URLs as dropdown autocompletes and they're close enough that you might not figure out what's the subtle difference if you're trying to go from memory instead of following the docs.我知道这是一个较老的问题,但我想我会为未来的搜索者补充:确保(截至 2021 年年中)您的 Cloudfront 来源配置为命中 example.com.s3-website-us-east-1 .amazonaws.com instead of example.com.s3.amazonaws.com once you set your S3 bucket up for static website hosting - I got tripped up because (again, as of mid-2021) the Cloudfront UI suggests the latter, incorrect S3 URL 作为下拉自动完成,并且它们足够接近,如果您尝试从 memory 而不是遵循文档,那么您可能无法弄清楚细微差别是什么。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.