aws cloudfront - 使用 S3 拒絕訪問
[英]aws cloudfront - Access Denied with S3
問題描述
我創建了一個雲端分發和 S3 存儲桶。
我在訪問 Cloudfront url asdf123456.cloudfront.net時遇到Access Denied訪問錯誤
我嘗試在我的 cloudformation 模板中添加custom error message ,但仍然無法正常工作。
我在 Cloudformation 中的 Json 模板
{
"AWSTemplateFormatVersion": "2010-09-09",
"Parameters": {
"S3BucketName": {
"Type": "String",
"Default": "test-server-dev"
},
"S3BucketWebName": {
"Type": "String",
"Default": "test-web-dev"
},
"CloudfrontDistributionOriginId": {
"Type": "String",
"Default": "test_dev"
}
},
"Resources": {
"S3BucketWeb": {
"Type": "AWS::S3::Bucket",
"Properties": {
"BucketName": {
"Ref": "S3BucketWebName"
}
}
},
"CloudfrontDistributionWeb": {
"Type" : "AWS::CloudFront::Distribution",
"Properties" : {
"DistributionConfig" : {
"CustomErrorResponses" : [
{
"ErrorCachingMinTTL" : 300,
"ErrorCode" : 403,
"ResponseCode" : 200,
"ResponsePagePath" : "/index.html"
}
],
"DefaultCacheBehavior": {
"AllowedMethods" : ["GET", "HEAD"],
"CachedMethods" : ["GET", "HEAD"],
"CachePolicyId" : "658327ea-f89d-4fab-a63d-7e88639e58f6",
"Compress" : false,
"TargetOriginId" : {
"Ref": "S3BucketWebName"
},
"ViewerProtocolPolicy" : "redirect-to-https"
},
"DefaultRootObject" : "index.html",
"Enabled" : true,
"HttpVersion": "http2",
"IPV6Enabled" : true,
"Origins" : [
{
"ConnectionAttempts" : 3,
"ConnectionTimeout" : 10,
"DomainName" : {
"Fn::GetAtt": [
"S3BucketWeb",
"DomainName"
]
},
"Id" : {
"Ref": "S3BucketWebName"
},
"S3OriginConfig": {
"OriginAccessIdentity" : ""
}
}
],
"Restrictions" : {
"GeoRestriction" : {
"RestrictionType" : "none"
}
},
"ViewerCertificate" : {
"CloudFrontDefaultCertificate" : true
}
}
}
}
}
}
更新
桶策略
{
"Version": "2008-10-17",
"Id": "PolicyForCloudFrontPrivateContent",
"Statement": [
{
"Sid": "1",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity EBJE9SUE3W57Q"
},
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::test-web-dev/*"
}
]
}
1 個解決方案
解決方案1
0 2021-03-30 10:18:59
我無法正確理解這個問題,但如果您在上傳雲形成模板時拒絕 s3 訪問,那么您可能缺少允許執行此類操作然后將其附加到形成模板本身的安全組或 IAM 角色。
身份驗證后請求路由時拒絕訪問 - AWS Cloudfront 和 AWS S3
[英]Access Denied when requesting route after authentication - AWS Cloudfront and AWS S3
基於 S3 存儲桶的 AWS Cloudfront 分配,跨賬戶對象被拒絕訪問
[英]AWS Cloudfront distribution based on S3 bucket with cross-account objects getting Access denied
AWS CloudFront 使用查詢字符串返回拒絕來自 S3 源的訪問
[英]AWS CloudFront Returns Access Denied from S3 Origin with Query String
托管在 AWS 重定向上的 Angular 應用程序在 S3 之前提供拒絕訪問
[英]Angular application hosted on AWS redirection gives access denied having cloudfront ahead of S3
Cloudfront 在沒有公共訪問的情況下為 S3 存儲桶源提供通過 AWS CDK Python 創建的訪問被拒絕的響應
[英]Cloudfront give Access denied response created through AWS CDK Python for S3 bucket origin without public Access
在 Cloudfront s3 發行版中使用有序緩存訪問被拒絕 (403)
[英]Access Denied (403) with ordered cache in Cloudfront s3 distribution
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.
相關問題
AWS - Cloudfront / S3 - 拒絕訪問
AWS CloudFront 訪問 S3 存儲桶被拒絕
身份驗證后請求路由時拒絕訪問 - AWS Cloudfront 和 AWS S3
AWS S3 訪問被拒絕
AWS S3和CloudFront限制存儲桶訪問
基於 S3 存儲桶的 AWS Cloudfront 分配,跨賬戶對象被拒絕訪問
AWS CloudFront 使用查詢字符串返回拒絕來自 S3 源的訪問
托管在 AWS 重定向上的 Angular 應用程序在 S3 之前提供拒絕訪問
Cloudfront 在沒有公共訪問的情況下為 S3 存儲桶源提供通過 AWS CDK Python 創建的訪問被拒絕的響應
在 Cloudfront s3 發行版中使用有序緩存訪問被拒絕 (403)
相關標簽