gpt4 book ai didi

amazon-web-services - aws cloudfront - S3 拒绝访问

转载 作者:行者123 更新时间:2023-12-03 07:41:21 26 4
gpt4 key购买 nike

我已经创建了一个 Cloudfront 分发和 S3 存储桶。
我在访问 Cloudfront 网址时遇到 Access Denied 错误asdf123456.cloudfront.net

我尝试在我的 cloudformation 模板中添加自定义错误消息,但仍然无法正常工作。

Cloudformation 中的我的 Json 模板

{
"AWSTemplateFormatVersion": "2010-09-09",

"Parameters": {
"S3BucketName": {
"Type": "String",
"Default": "test-server-dev"
},
"S3BucketWebName": {
"Type": "String",
"Default": "test-web-dev"
},
"CloudfrontDistributionOriginId": {
"Type": "String",
"Default": "test_dev"
}
},

"Resources": {
"S3BucketWeb": {
"Type": "AWS::S3::Bucket",
"Properties": {
"BucketName": {
"Ref": "S3BucketWebName"
}
}
},
"CloudfrontDistributionWeb": {
"Type" : "AWS::CloudFront::Distribution",
"Properties" : {
"DistributionConfig" : {
"CustomErrorResponses" : [
{
"ErrorCachingMinTTL" : 300,
"ErrorCode" : 403,
"ResponseCode" : 200,
"ResponsePagePath" : "/index.html"
}
],
"DefaultCacheBehavior": {
"AllowedMethods" : ["GET", "HEAD"],
"CachedMethods" : ["GET", "HEAD"],
"CachePolicyId" : "658327ea-f89d-4fab-a63d-7e88639e58f6",
"Compress" : false,
"TargetOriginId" : {
"Ref": "S3BucketWebName"
},
"ViewerProtocolPolicy" : "redirect-to-https"
},
"DefaultRootObject" : "index.html",
"Enabled" : true,
"HttpVersion": "http2",
"IPV6Enabled" : true,
"Origins" : [
{
"ConnectionAttempts" : 3,
"ConnectionTimeout" : 10,
"DomainName" : {
"Fn::GetAtt": [
"S3BucketWeb",
"DomainName"
]
},
"Id" : {
"Ref": "S3BucketWebName"
},
"S3OriginConfig": {
"OriginAccessIdentity" : ""
}
}
],
"Restrictions" : {
"GeoRestriction" : {
"RestrictionType" : "none"
}
},
"ViewerCertificate" : {
"CloudFrontDefaultCertificate" : true
}
}
}
}
}
}

更新

存储桶策略

{
"Version": "2008-10-17",
"Id": "PolicyForCloudFrontPrivateContent",
"Statement": [
{
"Sid": "1",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity EBJE9SUE3W57Q"
},
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::test-web-dev/*"
}
]
}

最佳答案

我无法正确理解这个问题,但如果您在上传云形成模板时遇到 s3 访问被拒绝的情况,那么您可能缺少允许执行此类操作然后将其附加到形成模板的安全组或 IAM 角色本身。

关于amazon-web-services - aws cloudfront - S3 拒绝访问,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/66868901/

26 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com