Multiple S3 buckets in the same CloudFront distribution

Question

I created a Cloudfront distribution with a CNAME images.domain.com with SSL, and I have 2 S3 buckets: one for user uploads, one for product pictures

The default bucket is the uploads bucket

I would like to use the same CloudFront for both buckets.

So I added the 2 buckets as origins and created a "Behavior", with the path /products/* using my product bucket as origin

My "Behaviors" are :

1. /products/* to: products bucket (precedence = 0)
2. Default (*) to: uploads bucket (precedence = 1)

When I go to images.domain.com/products/78/34.jpg I get an AccessDenied

The file "78/34.jpg" is present in my products bucket

Files from the other bucket are working fine (ie images.domain.com/upload67.jpg with upload67.jpg in the uploads bucket)

Answer 1

The pattern /products/* matches all objects in the specified origin bucket that are in a folder called 'products'. So, the key needs to be products/78/34.jpg.

If you create a folder called 'products' inside the products bucket and move the 73/34.jpg file in to it, the images.domain.com/products/78/34.jpg url should then work (you might need to invalidate if you recently got a error before creating the folder).

Answer 2

I think you should add access public policy to your products bucket

{
  "Version":"2008-10-17",
  "Statement":[{
    "Sid":"AllowPublicRead",
        "Effect":"Allow",
      "Principal": {
            "AWS": "*"
         },
      "Action":["s3:GetObject"],
      "Resource":["arn:aws:s3:::bucket/*"
      ]
    }
  ]
}

Make sure you replace bucket in arn:aws:s3:::bucket/* with your bucket name.