Why is CloudFront returning HTTP response code 403 (Access Denied) from Amazon S3?

Why is CloudFront returning HTTP response code 403 (Access Denied) from Amazon S3?

Why is CloudFront returning HTTP response code 403 (Access Denied) from Amazon S3?

Find more details in the AWS Knowledge Center: https://repost.aws/knowledge-center/s
Kashif, an AWS Cloud Support Engineer, shows you what you can do if you are getting HTTP response code 403 (Access Denied) when using an S3 website endpoint as the origin of your CloudFront distribution.


Content

0.41 -> [Music]
8.63 -> [Music]
11.25 -> hello I'm Tasha a cloud Support Engineer
14.969 -> here at the AWS office in Sydney
18.14 -> sometimes customers ask me why am I
22.11 -> getting a 403 access denied error when
25.11 -> using an Amazon s3 website and point as
28.469 -> an origin in Amazon CloudFront
31.11 -> distribution so let me walk you through
34.43 -> resolving this error after signing in to
37.59 -> the AWS management console navigate to
40.26 -> Amazon CloudFront choose the
43.05 -> distribution and then choose
44.67 -> distribution settings choose the origin
48.12 -> view review the domain name format to
51.089 -> confirm the s3 end point type configure
53.819 -> as origin if the endpoint is in format
56.969 -> of bucket name dot s3 - website - region
61.289 -> dot Amazon AWS com
63.569 -> then make sure following requirements
65.309 -> are met first navigate to the s3 console
68.94 -> to confirm if the objects are publicly
71.49 -> accessible to the bucket policy or the
73.979 -> ACL review the bucket policy to confirm
77.55 -> that it doesn't contain a denied
79.35 -> statement which effects the get object
81.69 -> action if public read are given through
84.63 -> a bucket policy then make sure that the
86.88 -> bucket owner owns the object search for
90.75 -> the object which resulted in HTTP 403
93.75 -> error in the s3 console to make sure
96.3 -> that it exists if a requested object
100.32 -> doesn't exist and the bucket doesn't
102.42 -> allow public s3 less packet access then
105.81 -> the requester receives an HTTP 403 error
109.08 -> rather than an HTTP 404 error open the
112.89 -> object in the s3 console and confirm
116.04 -> that it's not encrypted with AWS kms
120.53 -> thanks for watching and happy cloud
123.03 -> computing from all of us here at a ws
127.36 -> [Music]
129.42 -> you
131.44 -> [Music]

Source: https://www.youtube.com/watch?v=kOk5esI6GHY