8

I have one account with privilege to manage S3 (S3_User), and another one to manage Cloud Front (Cloud_Front_User).

Now, I've created a bucket "bucketname" with S3_User and a distribution with Cloud_Front_User with origin my S3 Bucket.

When I tried to access a resource through Cloudfront I get this 

<Error> <Code>AccessDenied</Code> <Message>Access Denied</Message> <RequestId>555667558C0B2698</RequestId> <HostId> QP0y2/XTsJqItm815aDsdoLTF853zMeEPUAykvxjzdFfU1WwfXHioa6CeLWmc96RDVJopBu+eLE= </HostId> </Error>

I've set this: http://cl.ly/image/1s0I1H3A3p1N

but when I click on "Save", after some time I get an error message saying that it wasn't able to set identity on the S3 bucket. I think this is because I manage CLoudFront with "Cloud_Front_User" and S3 with "S3_User". So, how could I manually set S3 policy on the bucket to allow CloudFront to access s3?

S3 Bucket policy

{ "Version": "2012-10-17", "Id": "PolicyForCloudFrontPrivateContent", "Statement": [ { "Sid": " Grant a CloudFront Origin Identity access to support private content", "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity E780000000000" }, "Action": "s3:GetObject", "Resource": "arn:aws:s3:::socialacademy/*" } ] }

enter image description here

Improve this question

2 Answers 2

Reset to default
2

Resolved changing my url

FROM

http://ID.cloudfront.net/bucket/uploads/academy/logo/1/logo.jpg

TO

http://ID.cloudfront.net/uploads/academy/logo/1/logo.jpg

Improve this answer
1
  • 2
    Those images are gone now Commented Jun 19, 2015 at 4:56
1

See this solution..

https://havecamerawilltravel.com/photographer/how-allow-public-access-amazon-bucket

How to Allow Public Access to an Amazon S3 Bucket If you're trying to allow anyone to download or open files in an Amazon S3 Bucket, here's how to do it.

amazon web services

  1. Copy and paste this code in the Bucket Policy Editor popup. You’ll need to replace “YOUR-BUCKET-NAME” with your full bucket name.

Sample policy:

{ "Version": "2008-10-17", "Statement": [ { "Sid": "AllowPublicRead", "Effect": "Allow", "Principal": { "AWS": "*" }, "Action": "s3:GetObject", "Resource": "arn:aws:s3:::YOUR-BUCKET-NAME/*" } ] }
Improve this answer
1
  • It's not recommended to make your S3 bucket publicly accessible - the preferred way is via a service such as CloudFront and require it to be used in order to access the objects in the bucket. Commented Aug 15, 2021 at 11:53

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.