问题描述
我已经创建了一个 Cloudfront 分发版和 S3 存储桶。
我在访问 Cloudfront url 时遇到 Access Denied 错误
asdf123456.cloudfront.net
我尝试在我的 cloudformation 模板中添加 custom error message,但仍然无法正常工作。
我在 Cloudformation 中的 Json 模板
{
"AWstemplateFormatVersion": "2010-09-09","Parameters": {
"S3BucketName": {
"Type": "String","Default": "test-server-dev"
},"S3BucketWebName": {
"Type": "String","Default": "test-web-dev"
},"CloudfrontdistributionoriginId": {
"Type": "String","Default": "test_dev"
}
},"Resources": {
"S3BucketWeb": {
"Type": "AWS::S3::Bucket","Properties": {
"BucketName": {
"Ref": "S3BucketWebName"
}
}
},"CloudfrontdistributionWeb": {
"Type" : "AWS::CloudFront::distribution","Properties" : {
"distributionConfig" : {
"CustomErrorResponses" : [
{
"ErrorCachingMinTTL" : 300,"ErrorCode" : 403,"ResponseCode" : 200,"ResponsePagePath" : "/index.html"
}
],"DefaultCacheBehavior": {
"AllowedMethods" : ["GET","HEAD"],"CachedMethods" : ["GET","CachePolicyId" : "658327ea-f89d-4fab-a63d-7e88639e58f6","Compress" : false,"TargetoriginId" : {
"Ref": "S3BucketWebName"
},"ViewerProtocolPolicy" : "redirect-to-https"
},"DefaultRootObject" : "index.html","Enabled" : true,"HttpVersion": "http2","IPV6Enabled" : true,"Origins" : [
{
"ConnectionAttempts" : 3,"ConnectionTimeout" : 10,"DomainName" : {
"Fn::GetAtt": [
"S3BucketWeb","DomainName"
]
},"Id" : {
"Ref": "S3BucketWebName"
},"S3OriginConfig": {
"OriginAccessIdentity" : ""
}
}
],"Restrictions" : {
"GeoRestriction" : {
"RestrictionType" : "none"
}
},"ViewerCertificate" : {
"CloudFrontDefaultCertificate" : true
}
}
}
}
}
}
更新
存储桶政策
{
"Version": "2008-10-17","Id": "PolicyForCloudFrontPrivateContent","Statement": [
{
"Sid": "1","Effect": "Allow","Principal": {
"AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity EBJE9SUE3W57Q"
},"Action": "s3:Getobject","Resource": "arn:aws:s3:::test-web-dev/*"
}
]
}
解决方法
我无法正确理解问题,但如果您在上传云形成模板时拒绝 s3 访问,那么您可能缺少允许执行此类操作的安全组或 IAM 角色,然后将其附加到形成模板自己。