Amazon Web Services – Correctly Accessing CloudFront from Amazon S3
Users of Amazon CloudFront sometimes get a 403 Access Denied error when an Amazon S3 website endpoint is used as the origin of a CloudFront distribution. This article works through resolving that error.
To resolve the Access Denied error, follow the steps below:
Step 1: After signing in to the AWS Management Console, navigate to Amazon CloudFront.
Step 2: Choose the distribution and then choose distribution settings.
Step 3: Now choose the origin view.
Step 4: Now review the domain name format to confirm which S3 endpoint type is configured as the origin. If the endpoint is in the format bucket-name.s3-website-region.amazonaws.com, then make sure the following requirements are met.
- First, navigate to the S3 console to confirm that the objects are publicly accessible through the bucket policy or the ACL. Review the bucket policy to confirm that it does not contain a deny statement that affects the s3:GetObject action.
- If the public read is given through a bucket policy, then make sure the bucket owner owns the object.
- Search the console for the object that resulted in the HTTP 403 error to make sure that it exists. If the requested object does not exist and the bucket doesn't allow public s3:ListBucket access, then the request receives an HTTP 403 error rather than an HTTP 404 error.
- Open the object in the S3 console, and confirm that it is not encrypted with AWS KMS.
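
The checks in Step 4 can also be run offline against an exported bucket policy and object metadata. The sketch below is an added example, not AWS code: the function names, the sample policy and the bucket name example-bucket are constructed for illustration. It covers the endpoint format, deny statement, public read, missing object and KMS checks, and does not check object ownership or ACLs.

```python
import fnmatch
import re

# Matches both website-endpoint spellings: s3-website-region and s3-website.region
WEBSITE_RE = re.compile(r"^.+\.s3-website[.-][a-z0-9-]+\.amazonaws\.com$")

def _as_list(v):
    return v if isinstance(v, list) else [v]

def _covers(stmt, action, arn):
    """Simplified match: '*'/'?' wildcards only; Condition and Not* keys are ignored."""
    acts, ress = _as_list(stmt.get("Action", [])), _as_list(stmt.get("Resource", []))
    return (any(fnmatch.fnmatchcase(action.lower(), a.lower()) for a in acts)
            and any(fnmatch.fnmatchcase(arn, r) for r in ress))

def _is_public(stmt):
    p = stmt.get("Principal")
    return p == "*" or (isinstance(p, dict) and "*" in _as_list(p.get("AWS", [])))

def diagnose_403(origin, bucket, key, policy, head):
    """Run the checks from the list above; an empty result means none failed."""
    if not WEBSITE_RE.match(origin):
        return ["origin is not an S3 website endpoint; these checks do not apply"]
    arn = f"arn:aws:s3:::{bucket}/{key}"
    stmts = _as_list(policy.get("Statement", []))
    get = [s for s in stmts if _covers(s, "s3:GetObject", arn)]
    findings = []
    if any(s.get("Effect") == "Deny" for s in get):
        findings.append("deny statement affects s3:GetObject")
    if not any(s.get("Effect") == "Allow" and _is_public(s) for s in get):
        findings.append("no public read in bucket policy; check the object ACL")
    if head is None:  # object missing: 403 instead of 404 without public s3:ListBucket
        findings.append("object does not exist")
    elif head.get("ServerSideEncryption") == "aws:kms":
        findings.append("object is encrypted with AWS KMS")
    return findings

# Constructed sample input (not from a real account)
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Effect": "Deny", "Principal": "*", "Action": "s3:Get*",
     "Resource": "arn:aws:s3:::example-bucket/private/*"},
]}
SAMPLE_ORIGIN = "example-bucket.s3-website-us-east-1.amazonaws.com"

if __name__ == "__main__":
    kms_head = {"ServerSideEncryption": "aws:kms"}  # shape of a HeadObject response
    print(diagnose_403(SAMPLE_ORIGIN, "example-bucket", "private/a.html", SAMPLE_POLICY, kms_head))
```

Pass None as head when the object lookup finds nothing; a deny statement that carries a Condition is still reported and needs a manual read.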