Reputation: 1881
AWS Cloudfront Presigned URL error "no such key"
I'm creating an Amazon presigned url to give my Cloudfront links an expiry date.
The link works, showing that the object is accessible (parts in bold protected for Stack Overflow):
http://MY CLOUDFRONT URL/3304686e4a1176617a0d515ec69abd1e4e765d4c3730e14c7.mp3
However the object with a policy attached does not work.
http://MY CLOUDFRONT URL/3304686e4a1176617a0d515ec69abd1e4e765d4c3730e14c7.mp3?Policy=eyJTdGF0ZW1lbnQiOlt7IlJlc291cmNlIjoiaHR0cDovL2QzMGk2b214eWxiZ3FxLmNsb3VkZnJvbnQubmV0L2F1ZGlvLzEtODNiNjMzMDQ2ODZlNGExMTc2NjE3YTBkNTE1ZWM2OWFiZDFlNGU3NjVkNGMzNzMwZTE0YzcubXAzIiwiQ29uZGl0aW9uIjp7IkRhdGVMZXNzVGhhbiI6eyJBV1M6RXBvY2hUaW1lIjoxNTcyNTIwNDU2fX19XX0_&Signature=Ch4GtdMAKDe8cdBCzAMDEj3C6QeDoc68P76V0iDfH-gNawYlTqQ9M04jZB2PL4weJuV~6nLT8HlHImJvtVdD17J4P1Lva24r3IC5bTdWlMVDOqOlpAV81yMppmg7kNi6Y6ySBofZ~4e-WyDeDTqGLbcG~TQxOWOwppHaVN9nuPaLu8JX2iHD28BqHDghQXR-dGRjbCVfku5SHXsAVXPZMBEaAhpGxBMFE00gho6rGUKtgH8-TOiUmGWsxlBNjx1SGBKAwwiV~m-uKBR~6m5qLrEgJI28XmESZKjidrQsaH~qbYVVyr-cyYTsJOunOSPgpyI52RJg4jkg7kJLqU9kzQ__&Key-Pair-Id=MY KEY PAIR ID
results in the following error
How do I establish what is wrong with my signing policy? Is it possible to debug this signed url? As far as I can establish from the documentation it should work.
Thanks.
Upvotes: 1
Views: 564
Answers (1)
Reputation: 4421
It looks like even though you have created CloudFront signed URL (not pre-signed URL), you haven't enabled "Restrict Viewer Access" in the Cache behaviour , it you haven't enabled it, it'll not work. CloudFront Signed URL
Since you have not Restrict Viewer Access enabled and you have "Cache based on query string" select to ALL , CloudFront is sending the object name and the query string to Origin S3 and S3 doesn't have the object with this complete name (object+querystring).
The error is from S3, not from CloudFront, your CloudFront signed url looks correct.
{"Statement":[{"Resource":"http://xxxxxxxxxxxxx.cloudfront.net/audio/1-83b63304686e4a1176617a0d515ec69abd1e4e765d4c3730e14c7.mp3","Condition":{"DateLessThan":{"AWS:EpochTime":1572520456}}}]}
Upvotes: 1
Related Questions
- AWS cannot signed CloudFront urls
- Issues generating CloudFront signed URLs; always Access Denied
- AWS CloudFront with Signed URL: 403 Access Denied
- AWS Cloudfront Signed Url with Unsigned Query Parameters
- Access denied for AWS CloudFront signed URL
- How to connect my Pre-signed URL bucket in s3 to cloud-front
- Amazon CloudFront URL issue
- S3-backed CloudFront and signed URLs
- Should I be getting a Cloudfront ‘MissingKey’ error when using an unsigned URL to access a public-read S3 object?
- getting malformed policy error from cloudfront