Dan

Reputation: 789

When requested object from CF origin doesn't exist, S3 is not following redirection rules (Access Denied instead)

I am building an on-the-fly image optimizer using CloudFront, S3, API Gateway, and Lambda, but right now I am still in the process of getting my CloudFront origin to fall back to my S3 custom error path.

Here's the flow I'm looking for:

  1. Request image from CloudFront
  2. Not There/Doesn't Exist? Check S3 origin.
  3. Not There/Doesn't Exist? Redirect to hellowrld.html
  4. Do whatever (the goal here, or even step three, is for the redirect to trigger a Lambda, which resizes the image and returns it back down the line to S3, CF, and the browser)

If I try to access an object that doesn't exist through CloudFront, it correctly follows the origin provided, but if the object doesn't exist in S3, I am given the classic Access Denied XML response as shown below. My bucket definitely has the correct write permissions, and has public read access (for the moment).

Here are my CF Origins/Behaviors. Originally I just had the default origin and one default behavior, which is really all I need. In my fiddling around I added a top level and a deep resizer/* level.

And here is my S3 Static Website Hosting section and redirection rules.

I feel like I shouldn't even need the redirection rules, because on error it should redirect to hellowrld.html (not a typo), which is just a fairly blank test HTML page currently.

Any help would be greatly appreciated! I know this otf image resizer is a very common use case for firing a Lambda upon not finding an object, but I can't find any examples where they put CloudFront in front of S3 in front of API Gateway/Lambda.

Upvotes: 1

Views: 953

Answers (1)

Ankit Uniyal

Reputation: 422

It seems like you have added the wrong HTTP error codes in the above redirection rule. It should be 403 and 307. I have added a full redirection rule which you can use:

<RoutingRules>
  <RoutingRule>
    <Condition>
      <KeyPrefixEquals/>
      <HttpErrorCodeReturnedEquals>404</HttpErrorCodeReturnedEquals>
    </Condition>
    <Redirect>
      <Protocol>https</Protocol>
      <HostName>'your_api_gateway_url'</HostName>
      <ReplaceKeyPrefixWith>'prefix_name'?key=</ReplaceKeyPrefixWith>
      <HttpRedirectCode>307</HttpRedirectCode>
    </Redirect>
  </RoutingRule>
</RoutingRules>

Upvotes: 1
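
Added example (not part of the answer above, and not AWS code): a simplified Python model of how an S3 website endpoint matches a routing rule, showing why a rule conditioned on 404 never fires when S3 answers 403 for a missing key, which it does when the requester lacks s3:ListBucket. The host name, prefix and object key are constructed placeholders, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed rule modelled on the answer's rule; host and prefix are placeholders.
RULES_TEMPLATE = """
<RoutingRules>
  <RoutingRule>
    <Condition>
      <KeyPrefixEquals/>
      <HttpErrorCodeReturnedEquals>{code}</HttpErrorCodeReturnedEquals>
    </Condition>
    <Redirect>
      <Protocol>https</Protocol>
      <HostName>api.example.invalid</HostName>
      <ReplaceKeyPrefixWith>resize?key=</ReplaceKeyPrefixWith>
      <HttpRedirectCode>307</HttpRedirectCode>
    </Redirect>
  </RoutingRule>
</RoutingRules>
"""

def missing_object_status(requester_can_list_bucket):
    """S3 hides key existence from callers without s3:ListBucket: 403, not 404."""
    return 404 if requester_can_list_bucket else 403

def evaluate(rules_xml, key, error_code, req_proto="http", req_host="bucket.example.invalid"):
    """Return (redirect_status, location) for the first matching rule, else None."""
    for rule in ET.fromstring(rules_xml).iter("RoutingRule"):
        cond = rule.find("Condition")
        prefix = (cond.findtext("KeyPrefixEquals") or "") if cond is not None else ""
        wanted = cond.findtext("HttpErrorCodeReturnedEquals") if cond is not None else None
        # Every condition that is present must hold for the rule to apply.
        if not key.startswith(prefix) or (wanted and int(wanted) != error_code):
            continue
        red = rule.find("Redirect")
        if red.findtext("ReplaceKeyWith") is not None:
            new_key = red.findtext("ReplaceKeyWith")
        elif red.findtext("ReplaceKeyPrefixWith") is not None:
            # Only the matched prefix is swapped; the rest of the key is kept.
            new_key = red.findtext("ReplaceKeyPrefixWith") + key[len(prefix):]
        else:
            new_key = key
        proto = red.findtext("Protocol") or req_proto
        host = red.findtext("HostName") or req_host
        return int(red.findtext("HttpRedirectCode") or 301), f"{proto}://{host}/{new_key}"
    return None  # no rule matched: the client sees the original error

if __name__ == "__main__":
    status = missing_object_status(requester_can_list_bucket=False)
    for code in (404, 403):
        print(code, "->", evaluate(RULES_TEMPLATE.format(code=code), "resizer/cat.jpg", status))
```

Routing rules are applied only by the S3 website endpoint, so a CloudFront origin pointing at the bucket's REST endpoint never triggers them regardless of the error code.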
