我已经创建了一个 Cloudfront 分发和 S3 存储桶。
我在访问 Cloudfront 网址时遇到 Access Denied
错误
asdf123456.cloudfront.net
我尝试在我的 cloudformation 模板中添加自定义错误消息
,但仍然无法正常工作。
Cloudformation 中的我的 Json 模板
{
"AWSTemplateFormatVersion": "2010-09-09",
"Parameters": {
"S3BucketName": {
"Type": "String",
"Default": "test-server-dev"
},
"S3BucketWebName": {
"Type": "String",
"Default": "test-web-dev"
},
"CloudfrontDistributionOriginId": {
"Type": "String",
"Default": "test_dev"
}
},
"Resources": {
"S3BucketWeb": {
"Type": "AWS::S3::Bucket",
"Properties": {
"BucketName": {
"Ref": "S3BucketWebName"
}
}
},
"CloudfrontDistributionWeb": {
"Type" : "AWS::CloudFront::Distribution",
"Properties" : {
"DistributionConfig" : {
"CustomErrorResponses" : [
{
"ErrorCachingMinTTL" : 300,
"ErrorCode" : 403,
"ResponseCode" : 200,
"ResponsePagePath" : "/index.html"
}
],
"DefaultCacheBehavior": {
"AllowedMethods" : ["GET", "HEAD"],
"CachedMethods" : ["GET", "HEAD"],
"CachePolicyId" : "658327ea-f89d-4fab-a63d-7e88639e58f6",
"Compress" : false,
"TargetOriginId" : {
"Ref": "S3BucketWebName"
},
"ViewerProtocolPolicy" : "redirect-to-https"
},
"DefaultRootObject" : "index.html",
"Enabled" : true,
"HttpVersion": "http2",
"IPV6Enabled" : true,
"Origins" : [
{
"ConnectionAttempts" : 3,
"ConnectionTimeout" : 10,
"DomainName" : {
"Fn::GetAtt": [
"S3BucketWeb",
"DomainName"
]
},
"Id" : {
"Ref": "S3BucketWebName"
},
"S3OriginConfig": {
"OriginAccessIdentity" : ""
}
}
],
"Restrictions" : {
"GeoRestriction" : {
"RestrictionType" : "none"
}
},
"ViewerCertificate" : {
"CloudFrontDefaultCertificate" : true
}
}
}
}
}
}
更新
存储桶策略
{
"Version": "2008-10-17",
"Id": "PolicyForCloudFrontPrivateContent",
"Statement": [
{
"Sid": "1",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity EBJE9SUE3W57Q"
},
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::test-web-dev/*"
}
]
}
最佳答案
我无法正确理解这个问题,但如果您在上传云形成模板时遇到 s3 访问被拒绝的情况,那么您可能缺少允许执行此类操作然后将其附加到形成模板的安全组或 IAM 角色本身。
关于amazon-web-services - aws cloudfront - S3 拒绝访问,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/66868901/