Amazon web services 将Cloudformation配置为使用Cloudfront&;获取/subdirectory service/subdirectory/index.html请求;S3
我有一个Cloudformation模板,用于设置AWS::CloudFront::Distribution和AWS::S3::Bucket。不幸的是,GET/subdirectory请求的响应是403。如何将Cloudformation模板配置为GET/subdirectory service/subdirectory/index.html 我的Cloudfront配置如下所示:Amazon web services 将Cloudformation配置为使用Cloudfront&;获取/subdirectory service/subdirectory/index.html请求;S3,amazon-web-services,amazon-s3,amazon-cloudformation,amazon-cloudfront,aws-sam,Amazon Web Services,Amazon S3,Amazon Cloudformation,Amazon Cloudfront,Aws Sam,我有一个Cloudformation模板,用于设置AWS::CloudFront::Distribution和AWS::S3::Bucket。不幸的是,GET/subdirectory请求的响应是403。如何将Cloudformation模板配置为GET/subdirectory service/subdirectory/index.html 我的Cloudfront配置如下所示: CloudFrontDistribution: Type: 'AWS::CloudFront::Dis
CloudFrontDistribution:
Type: 'AWS::CloudFront::Distribution'
Properties:
DistributionConfig:
Aliases:
- !FindInMap [Domain, !Ref Stage, Domain]
ViewerCertificate:
AcmCertificateArn: !Ref Cert
SslSupportMethod: sni-only
CustomErrorResponses:
- ErrorCode: 403 # not found
ResponseCode: 404
ResponsePagePath: !Ref ErrorPagePath
DefaultCacheBehavior:
AllowedMethods:
- GET
- HEAD
- OPTIONS
CachedMethods:
- GET
- HEAD
- OPTIONS
Compress: true
DefaultTTL: 3600 # in seconds
ForwardedValues:
Cookies:
Forward: none
QueryString: false
MaxTTL: 86400 # in seconds
MinTTL: 60 # in seconds
TargetOriginId: s3origin
ViewerProtocolPolicy: redirect-to-https
DefaultRootObject: !Ref DefaultRootObject
Enabled: true
HttpVersion: http2
Origins:
- DomainName: !GetAtt 'S3Bucket.DomainName'
Id: s3origin
S3OriginConfig:
OriginAccessIdentity: !Sub 'origin-access-identity/cloudfront/${CloudFrontOriginAccessIdentity}'
PriceClass: 'PriceClass_All'
除了对GET/子目录的请求之外,其他一切都可以工作
我还尝试:
- DomainName: !GetAtt 'S3Bucket.RegionalDomainName'
Id: s3origin
S3OriginConfig:
OriginProtocolPolicy: http-only
但是,我收到了错误属性TemplateURL不能为空。
在AWS::CloudFormation::Stack
上
您可以使用请求中的查询字符串将其更改为指向正确的path
检查此设置
看来我需要建立一个Lambda@Edge函数来修改重写规则。我还不确定如何使用Cloudformation实现这一点,但一旦我做了研究,我会继续跟进。。。
'use strict';
const querystring = require('querystring');
exports.handler = (event, context, callback) => {
const request = event.Records[0].cf.request;
/**
* Reads query string to check if S3 origin should be used, and
* if true, sets S3 origin properties.
*/
const params = querystring.parse(request.querystring);
if (params['useS3Origin']) {
if (params['useS3Origin'] === 'true') {
const s3DomainName = 'my-bucket.s3.amazonaws.com';
/* Set S3 origin fields */
request.origin = {
s3: {
domainName: s3DomainName,
region: '',
authMethod: 'none',
path: '',
customHeaders: {}
}
};
request.headers['host'] = [{ key: 'host', value: s3DomainName}];
}
}
callback(null, request);
};
Resources:
CFDistribution:
Type: AWS::CloudFront::Distribution
Properties:
DistributionConfig:
Enabled: 'true'
Comment: !Sub '${Stage} - CI/CD for Lambda@Edge'
Aliases:
- !FindInMap [AliasMap, !Ref Stage, Alias]
Origins:
-
Id: MyOrigin
DomainName: aws.amazon.com
CustomOriginConfig:
HTTPPort: 80
OriginProtocolPolicy: match-viewer
DefaultCacheBehavior:
TargetOriginId: MyOrigin
LambdaFunctionAssociations:
-
EventType: origin-request
LambdaFunctionARN: !Ref LambdaEdgeFunctionSample.Version