Reputation: 45
I am using CloudFront in combination with an S3 bucket.
When I access my CloudFront domain (d4...cloudfront.net) directly, everything works fine and I can see my website + SSL certificate.
But when I access my website URL, I get a 403 Forbidden message (An Error Occurred While Attempting to Retrieve a Custom Error Document).
What I tried so far:
My S3 bucket is not public, because I only want my CloudFront to access the S3 bucket with this policy:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "2",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity ..."
            },
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::www.../*"
        }
    ]
}
Upvotes: 1
Views: 12829
Reputation: 81336
You will want to set up Origin Access Identity. This allows you to keep your bucket private and only allow access through CloudFront. This is very easy to set up. I have included two links to walk you through the steps and to help you understand everything.
Serving Private Content through CloudFront
This StackOverflow Q/A will help you also. Review the answer by "Michael - sqlbot".
Relationship between Origin Access Identities and CloudFront Signed Urls
Upvotes: 3
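The point of the answer above is that the bucket stays private and only the CloudFront Origin Access Identity may read objects. The following is an added example, not code from the question or the answer, that builds that minimal bucket policy and audits an arbitrary bucket policy for the ways it commonly drifts from it (an anonymous `*` principal, extra principals, actions beyond `s3:GetObject`, or a resource other than the bucket's objects). The OAI id `E1EXAMPLEOAI`, the bucket name `www.example.com` and the public-read sample policy are constructed placeholders; the function names are this example's own.

```python
"""Build and audit an S3 bucket policy that grants object reads only to a
CloudFront Origin Access Identity (OAI).

Added example; not code from the original post. The OAI id, bucket name
and sample policies are constructed placeholders.
"""
import json

# Constructed placeholders: substitute the OAI id that CloudFront assigns
# and the real bucket name.
OAI_ARN = "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity E1EXAMPLEOAI"
BUCKET = "www.example.com"

# The weak variant: public read. Any anonymous client can fetch objects
# straight from S3, bypassing CloudFront (and its TLS and logging) entirely.
PUBLIC_READ_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PublicRead",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:GetObject",
        "Resource": f"arn:aws:s3:::{BUCKET}/*",
    }],
}


def build_oai_policy(bucket: str, oai_arn: str) -> dict:
    """Return the minimal policy: the OAI may read objects, nothing else."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "AllowCloudFrontOAIRead",
            "Effect": "Allow",
            "Principal": {"AWS": oai_arn},
            "Action": "s3:GetObject",
            "Resource": f"arn:aws:s3:::{bucket}/*",
        }],
    }


def _as_list(value):
    """IAM allows scalars or lists for Principal, Action and Resource."""
    return value if isinstance(value, list) else [value]


def _principals(statement: dict) -> list:
    """Flatten the Principal element into a list of principal strings."""
    principal = statement.get("Principal", {})
    if isinstance(principal, str):
        return [principal]
    out = []
    for key in ("AWS", "Service", "Federated", "CanonicalUser"):
        out.extend(_as_list(principal.get(key, [])))
    return out


def audit_policy(policy: dict, bucket: str, oai_arn: str) -> list:
    """Return findings; an empty list means every Allow statement grants
    s3:GetObject on this bucket's objects to the given OAI and nothing else."""
    findings = []
    object_arn = f"arn:aws:s3:::{bucket}/*"
    for stmt in policy.get("Statement", []):
        sid = stmt.get("Sid", "<no Sid>")
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only tighten access
        principals = _principals(stmt)
        if "*" in principals:
            findings.append(f"{sid}: anonymous principal '*' makes objects public")
        for p in principals:
            if p != "*" and p != oai_arn:
                findings.append(f"{sid}: grants access to non-OAI principal {p}")
        for action in _as_list(stmt.get("Action", [])):
            if action.lower() != "s3:getobject":
                findings.append(f"{sid}: action {action} exceeds read-only object access")
        for res in _as_list(stmt.get("Resource", [])):
            if res != object_arn:
                findings.append(f"{sid}: resource {res} is not {object_arn}")
    return findings


def is_private_to_oai(policy: dict, bucket: str, oai_arn: str) -> bool:
    """True when the policy grants reads to the OAI only."""
    return audit_policy(policy, bucket, oai_arn) == []


if __name__ == "__main__":
    print(json.dumps(build_oai_policy(BUCKET, OAI_ARN), indent=2))
    for name, pol in (("public-read", PUBLIC_READ_POLICY),
                      ("oai-only", build_oai_policy(BUCKET, OAI_ARN))):
        print(name, audit_policy(pol, BUCKET, OAI_ARN) or "OK")
```

The audit is deliberately strict: it treats anything other than `s3:GetObject` on the bucket's object ARN, granted to the exact OAI ARN, as a finding, which is the shape a static-site bucket behind CloudFront should have. Run it against the policy fetched with `aws s3api get-bucket-policy` after the OAI is attached to the distribution's origin.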