Warning: file_get_contents(/data/phpspider/zhask/data//catemap/5/objective-c/22.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Amazon web services Cloudfront访问被拒绝_Amazon Web Services_Amazon Cloudformation_Amazon Cloudfront - Fatal编程技术网
Fatal编程技术网

Amazon web services Cloudfront访问被拒绝

amazon-web-services amazon-cloudformation

Amazon web services Cloudfront访问被拒绝,amazon-web-services,amazon-cloudformation,amazon-cloudfront,Amazon Web Services,Amazon Cloudformation,Amazon Cloudfront,我正在尝试使用Cloudformation创建一个具有S3源的Cloudfront。我想限制S3对象只能通过Cloudfront访问。然而,我使用S3直接url和Cloudfront url都被拒绝访问 AWSTemplateFormatVersion: "2010-09-09" Resources: S3Bucket: Type: AWS::S3::Bucket Properties: AccessControl: Private Clo

我正在尝试使用Cloudformation创建一个具有S3源的Cloudfront。我想限制S3对象只能通过Cloudfront访问。然而,我使用S3直接url和Cloudfront url都被拒绝访问

AWSTemplateFormatVersion: "2010-09-09"
Resources:
  S3Bucket:
    Type: AWS::S3::Bucket
    Properties:
      AccessControl: Private
  CloudFrontOriginIdentity:
    Type: 'AWS::CloudFront::CloudFrontOriginAccessIdentity'
    Properties:
      CloudFrontOriginAccessIdentityConfig:
        Comment: 'origin identity'
  BucketPolicy:
      Type: 'AWS::S3::BucketPolicy'
      Properties:
        Bucket: !Ref S3Bucket
        PolicyDocument:
          Statement:
            - Effect: Allow
              Principal:
                AWS: !Sub 'arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity ${CloudFrontOriginIdentity}'
              Action: 's3:GetObject'
              Resource: !Sub 'arn:aws:s3:::${S3Bucket}/*'
  CloudFrontDistribution:
    Type: 'AWS::CloudFront::Distribution'
    Properties:
      DistributionConfig:
        DefaultCacheBehavior:
          AllowedMethods:
            - GET
            - HEAD
            - OPTIONS
          CachedMethods:
            - GET
            - HEAD
            - OPTIONS
          Compress: true
          DefaultTTL: 3600
          ForwardedValues:
            Cookies:
              Forward: none
            QueryString: false
          MaxTTL: 86400
          MinTTL: 60
          TargetOriginId: s3origin
          ViewerProtocolPolicy: 'redirect-to-https'
        DefaultRootObject: 'index.html'
        Enabled: true
        HttpVersion: http2
        Origins:
          - DomainName: !GetAtt 'S3Bucket.DomainName'
            Id: s3origin
            S3OriginConfig:
              OriginAccessIdentity: !Sub 'origin-access-identity/cloudfront/${CloudFrontOriginIdentity}'
在S3中,我得到了index.html,里面只有Hello

创建桶策略

{
"Version": "2008-10-17",
"Statement": [
    {
        "Sid": "",
        "Effect": "Allow",
        "Principal": {
            "AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity xxxxxxxxxxxx"
        },
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::mystack-s3bucket-xxxxxxxxxxx/*"
    }
]
}
我在我的沙盒帐户中部署了你的模板。它按预期工作。桶,政策,CF发行版都很好,我的样本网站的作品

只要确保你使用CF域名从互联网上访问你的静态网站,而不是bucket url,因为我见过有人用CF错误地使用bucket url。它会有

ddd7asdf234sa.cloudfront.net
你能发布CFn创建的bucket策略吗?@jellycsc addedI使用该模板拒绝来自CF和s3 URL的访问。这可能与S3文件权限等有关吗?@Jayp您修改过吗?无论发生什么,这都不是你发布的模板的错。