
Files uploaded through CloudFront: 403 error when accessing them as the root account via the AWS Console

Uploading files to an S3 bucket through CloudFront via a CloudFront Origin Access Identity runs successfully; however, the properties of the uploaded files cannot be modified and some metadata cannot be accessed by the root user of my AWS account. I am able to get the files through the CloudFront endpoint, but I do not understand why I am not able to modify or access some fields of the uploaded files with my AWS root account via the AWS Management Console.

The default ACL in the s3 bucket is for the root user account as can be seen below:

AWS S3 ACL tab

I added in a second policy to my bucket just to ensure that the root user has explicit access to the files. The full bucket policy can be seen below:

{
    "Version": "2008-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": [
                    "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity 00000000000000"
                ]
            },
            "Action": [
                "s3:PutObject",
                "s3:GetObject"
            ],
            "Resource": [
                "arn:aws:s3:::my-bucket/stuff/",
                "arn:aws:s3:::my-bucket/stuff/*",
                "arn:aws:s3:::my-bucket/other-stuff/",
                "arn:aws:s3:::my-bucket/other-stuff/*"
            ]
        },
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::000000000000:root"
            },
            "Action": "s3:*",
            "Resource": [
                "arn:aws:s3:::my-bucket/stuff/",
                "arn:aws:s3:::my-bucket/stuff/*",
                "arn:aws:s3:::my-bucket/other-stuff/",
                "arn:aws:s3:::my-bucket/other-stuff/*"
            ]
        }
    ]
}

When I view a file that I have uploaded through CloudFront I am receiving an Access Denied for numerous options on the file overview tab:

AWS S3 bucket file overview tab

I am also receiving more Access Denied errors from the file properties tab on the same file:

AWS S3 bucket file properties tab

You need to pass the ACL "bucket-owner-full-control" with the PUT/POST call you're making through the CloudFront link, and also modify the bucket policy for CloudFront to allow you s3:PutObjectAcl.
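Added example, not part of the original question or answer. It takes the bucket policy from the question (same placeholder ARNs and account ID, which are not real identifiers), adds s3:PutObjectAcl to the OAI statement, appends a Deny statement that rejects any PUT from the OAI that does not carry x-amz-acl = bucket-owner-full-control (the standard AWS pattern for forcing uploaders to hand ownership to the bucket owner), and returns the header a raw HTTP PUT through the distribution needs. A deliberately simplified policy evaluator (explicit Deny wins, otherwise any matching Allow; only the StringEquals/StringNotEquals condition operators and the fields used here) lets you see both the original failure mode and the hardened behaviour offline. It is an approximation of IAM evaluation, not a replacement for the IAM policy simulator.

```python
"""Added example (not from the original post): harden the question's bucket policy so
uploads through the CloudFront OAI end up owned and controllable by the bucket owner.
Every ARN / account ID below is a placeholder copied from the question."""
import copy
from fnmatch import fnmatchcase

# Placeholders taken from the question; not real identifiers.
OAI_ARN = "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity 00000000000000"
ROOT_ARN = "arn:aws:iam::000000000000:root"
BUCKET = "my-bucket"
FULL_CONTROL = "bucket-owner-full-control"

PREFIX_RESOURCES = [f"arn:aws:s3:::{BUCKET}/stuff/", f"arn:aws:s3:::{BUCKET}/stuff/*",
                    f"arn:aws:s3:::{BUCKET}/other-stuff/", f"arn:aws:s3:::{BUCKET}/other-stuff/*"]

# The policy as posted in the question (same shape, same grants).
ORIGINAL_POLICY = {
    "Version": "2008-10-17",
    "Statement": [
        {"Effect": "Allow", "Principal": {"AWS": [OAI_ARN]},
         "Action": ["s3:PutObject", "s3:GetObject"], "Resource": PREFIX_RESOURCES},
        {"Effect": "Allow", "Principal": {"AWS": ROOT_ARN},
         "Action": "s3:*", "Resource": PREFIX_RESOURCES},
    ],
}


def _as_list(v):
    return v if isinstance(v, list) else [v]


def harden_policy(policy, oai_arn=OAI_ARN, bucket=BUCKET):
    """Copy `policy`, grant s3:PutObjectAcl wherever the OAI may PutObject, and deny any
    OAI PutObject that does not request the bucket-owner-full-control canned ACL."""
    out = copy.deepcopy(policy)
    for stmt in out["Statement"]:
        principals = _as_list(stmt.get("Principal", {}).get("AWS", []))
        actions = _as_list(stmt["Action"])
        if oai_arn in principals and "s3:PutObject" in actions:
            if "s3:PutObjectAcl" not in actions:
                actions.append("s3:PutObjectAcl")
            stmt["Action"] = actions
    out["Statement"].append({
        "Sid": "RequireBucketOwnerFullControlFromOAI",  # Sid is an assumed label
        "Effect": "Deny",
        "Principal": {"AWS": oai_arn},   # scoped to the OAI so the root user is unaffected
        "Action": "s3:PutObject",
        "Resource": f"arn:aws:s3:::{bucket}/*",
        # StringNotEquals also fires when the key is absent, i.e. when no ACL was sent.
        "Condition": {"StringNotEquals": {"s3:x-amz-acl": FULL_CONTROL}},
    })
    return out


def put_headers(acl=FULL_CONTROL):
    """Headers for a raw HTTP PUT through the distribution. The canned ACL travels in
    x-amz-acl; with boto3 the equivalent is put_object(..., ACL=acl)."""
    return {"x-amz-acl": acl, "Content-Type": "application/octet-stream"}


def _matches(stmt, principal, action, resource):
    return (principal in _as_list(stmt["Principal"]["AWS"])
            and any(fnmatchcase(action, a) for a in _as_list(stmt["Action"]))
            and any(fnmatchcase(resource, r) for r in _as_list(stmt["Resource"])))


def _condition_holds(stmt, ctx):
    cond = stmt.get("Condition", {})
    if any(ctx.get(k) != v for k, v in cond.get("StringEquals", {}).items()):
        return False
    if any(ctx.get(k) == v for k, v in cond.get("StringNotEquals", {}).items()):
        return False
    return True


def is_allowed(policy, principal, action, resource, ctx=None):
    """Simplified IAM evaluation: an applicable explicit Deny wins, else any Allow.
    `ctx` holds request condition keys such as s3:x-amz-acl."""
    ctx = ctx or {}
    allowed = False
    for stmt in policy["Statement"]:
        if not (_matches(stmt, principal, action, resource) and _condition_holds(stmt, ctx)):
            continue
        if stmt["Effect"] == "Deny":
            return False
        allowed = True
    return allowed


if __name__ == "__main__":
    key = f"arn:aws:s3:::{BUCKET}/stuff/upload.bin"
    hardened = harden_policy(ORIGINAL_POLICY)
    print("original, PUT without ACL allowed:", is_allowed(ORIGINAL_POLICY, OAI_ARN, "s3:PutObject", key))
    print("hardened, PUT without ACL allowed:", is_allowed(hardened, OAI_ARN, "s3:PutObject", key))
    print("hardened, PUT with ACL allowed:   ",
          is_allowed(hardened, OAI_ARN, "s3:PutObject", key, {"s3:x-amz-acl": FULL_CONTROL}))
    print("headers to send:", put_headers())
```

The original policy lets the OAI upload without any ACL, which is exactly how the objects end up owned by the CloudFront OAI rather than the bucket owner; the hardened policy makes an ACL-less upload fail loudly at PUT time instead of producing objects the root user cannot manage. A separate caveat from the editor: on buckets where S3 Object Ownership is set to "bucket owner enforced", ACLs are disabled and every object is owned by the bucket owner regardless of who uploaded it, which removes this class of problem without per-request ACL headers.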

The technical posts on this site follow the CC BY-SA 4.0 license. If you need to reprint, please indicate the site URL or the original address. For any questions please contact: yoyou2525@163.com.
