Establishing Cloudfront at a S3 static site

Debugging Cloudfront with S3 AccessDenied issues

Published: Monday, Nov 2, 2020 Last modified: Monday, Jun 14, 2021

Access denied

You setup Cloudfront via the Web console and you choose your bucket: $BUCKETNAME.s3.amazonaws.com

However you get Access Denied message… why?! You probably forgot to setup Static website hosting.

$ aws s3api get-bucket-website --bucket $BUCKETNAME
An error occurred (NoSuchWebsiteConfiguration) when calling the GetBucketWebsite operation: The specified bucket does not have a website configuration

Ok, you now enable Bucket hosting with index.html and error.html. STILL AccessDenied !

$ curl -i https://$BUCKETNAME
HTTP/2 403
content-type: application/xml
x-amz-bucket-region: ap-southeast-1
date: Mon, 02 Nov 2020 04:05:38 GMT
server: AmazonS3
x-cache: Error from cloudfront
via: 1.1 46dd9ae2d97161deaefbdceeae5f57ac.cloudfront.net (CloudFront)
x-amz-cf-pop: SIN2-C1
x-amz-cf-id: EX6UdyfrGkpSeeIB8hcA_ruVUOGGKL4MqDFfv3AKkNApuB9ven1pDQ==
<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>E17702FA02F90F73</RequestId><HostId>lpBo/PK6KNMHN2JnnmhYcURvhCuDTqca7Cy8q0mqZWWUmjgGgHbwPQ/VEd/gnSU+m8Su8nonfM4=</HostId></Error>[

You need to update the origin to $BUCKETNAME.s3-website-ap-southeast-1.amazonaws.com