AWS CloudFront does not render the S3 bucket on the domain alias

Time: 2019-11-04 05:02:43

Tags: amazon-web-services amazon-s3 amazon-cloudfront amazon-route53

I put my static website content on S3, with public access granted, and if I visit http://subdomain.mydomain.com.s3-website-us-east-1.amazonaws.com I see the HTML.

In Certificate Manager, I generated a valid certificate for subdomain.mydomain.com.

Now for CloudFront:

  • Selected the correct AWS S3 bucket folder.
  • Done in the North Virginia region.
  • Associated the subdomain certificate.
  • Filled in index.html in the document root.
  • Other settings in place.

After deploying the site, I open <cloudfront-random-string>.cloudfront.net

This renders the static website as expected.

Finally, I go to Route 53, create an alias in an A record and insert <cloudfront-random-string>.cloudfront.net

When I open subdomain.mydomain.com, it does not respond.

What is wrong?

1 answer:

Answer 0 (score: 0)

Not sure whether you are getting a 403, but this article may help. https://aws.amazon.com/premiumsupport/knowledge-center/s3-website-cloudfront-error-403/

Alternatively, you can try creating a CloudFront Origin Access Identity and granting it access to the S3 bucket. That way you can also make the S3 bucket private.

  # Private bucket holding the site; no public-read policy is attached to it.
  WebsiteBucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: !Sub ${DomainName}
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: AES256
      Tags:
        - Key: Domain
          Value: !Ref DomainName

  # The identity CloudFront uses when it fetches objects from the bucket.
  CloudFrontOriginAccessIdentity:
    Type: AWS::CloudFront::CloudFrontOriginAccessIdentity
    Properties:
      CloudFrontOriginAccessIdentityConfig:
        Comment: !Sub CloudFront OAI for ${DomainName}

  # Bucket policy: only the OAI's canonical user may read objects.
  WebsiteBucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref WebsiteBucket
      PolicyDocument:
        Statement:
          - Action:
              - s3:GetObject
            Effect: Allow
            Resource: !Join [ "", [ "arn:aws:s3:::", !Ref WebsiteBucket, "/*" ] ]
            Principal:
              CanonicalUser: !GetAtt CloudFrontOriginAccessIdentity.S3CanonicalUserId

  # Distribution using the bucket's REST endpoint as origin (not the website endpoint),
  # authenticated through the OAI, and serving the custom domain over HTTPS.
  WebsiteCloudFront:
    Type: AWS::CloudFront::Distribution
    DependsOn:
      - WebsiteBucketPolicy
    Properties:
      DistributionConfig:
        Comment: Cloudfront Distribution pointing to S3 bucket
        Origins:
          - DomainName: !GetAtt WebsiteBucket.DomainName
            Id: S3Origin
            S3OriginConfig:
              OriginAccessIdentity:
                !Join [ "", [ "origin-access-identity/cloudfront/", !Ref CloudFrontOriginAccessIdentity ] ]
        Enabled: true
        HttpVersion: 'http2'
        DefaultRootObject: index.html
        Aliases:
          - !Ref DomainName
        CustomErrorResponses:
          - ErrorCode: 404
            ResponseCode: 200
            ResponsePagePath: /index.html
        DefaultCacheBehavior:
          AllowedMethods:
            - GET
            - HEAD
          Compress: true
          TargetOriginId: S3Origin
          ForwardedValues:
            QueryString: true
            Cookies:
              Forward: none
          ViewerProtocolPolicy: redirect-to-https
        PriceClass: PriceClass_100
        ViewerCertificate:
          AcmCertificateArn: !Ref AcmCertificateArn
          SslSupportMethod: sni-only
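As an added illustration (not part of the answer above or of any AWS library), the following Python builds the OAI-only bucket policy equivalent to the WebsiteBucketPolicy resource and checks a bucket policy for leftover public-read statements, which is what must be removed once CloudFront reads through the OAI. The OAI canonical user id and the starting public-read policy are constructed placeholders.

```python
import json

# Constructed placeholder, not a real OAI id; the real value is the
# S3CanonicalUserId attribute of the CloudFront OAI.
OAI_CANONICAL_USER = "EXAMPLE0OAI0CANONICAL0USER0ID"


def oai_bucket_policy(bucket_name, oai_canonical_user):
    """Bucket policy equivalent to the WebsiteBucketPolicy resource:
    only the OAI's canonical user may read objects, nobody else."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"CanonicalUser": oai_canonical_user},
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::%s/*" % bucket_name,
        }],
    }


def _as_list(value):
    # IAM policy fields may be a single string or a list of strings.
    return value if isinstance(value, list) else [value]


def _is_public(principal):
    # Principal "*" or {"AWS": "*"} means anyone on the internet.
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", []))


def public_read_statements(policy):
    """Allow statements granting object read access to an anonymous principal.
    A bucket fronted by an OAI should have none of these left in its policy."""
    hits = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or not _is_public(stmt.get("Principal")):
            continue
        actions = _as_list(stmt.get("Action", []))
        if any(a in ("s3:GetObject", "s3:*", "*") for a in actions):
            hits.append(stmt)
    return hits


# Constructed: the public-read policy a static-website bucket typically starts with.
PUBLIC_WEBSITE_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
                 "Resource": "arn:aws:s3:::subdomain.mydomain.com/*"}]
}""")
```

Run public_read_statements over the policy returned by the S3 GetBucketPolicy API to confirm the public grant is gone after switching to the OAI.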