Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Amplify publish causes AccessDenied error

I deploy a simple web app to S3 via amplify publish. The hosting has Cloudfront enabled (I selected the PROD environment in amplify while setting up hosting) and I'm working in the eu-central-1 region. But whenever I try to access the Cloudfront URL, I receive an AccessDenied error.

I followed a tutorial at https://medium.com/quasar-framework/creating-a-quasar-framework-application-with-aws-amplify-services-part-1-4-9a795f38e16d an the only thing I did differently was the region (tutorial uses us-east-1 while I use eu-central-1).

The config of S3 and Cloudfront was done by amplify and so should be working in theory:

Cloudfront:

  • Origin Domain Name or Path: quasar-demo-hosting-bucket-dev.s3-eu-central-1.amazonaws.com (originally it was without the eu-central-1, but I added it manually after it didn't work).
  • Origin ID: hostingS3Bucket
  • Origin Type: S3 Origin

S3 Bucket Policy:

{
    "Version": "2012-10-17",
    "Id": "MyPolicy",
    "Statement": [
        {
            "Sid": "APIReadForGetBucketObjects",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity ********"
            },
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::quasar-demo-hosting-bucket-dev/*"
        }
    ]
}

Research showed me that Cloudfront can have temporary trouble to access S3 buckets in other regions. But I manually added the region to the origin in Cloudfront AND I have waited for 24h. I still get the "access denied".

I suspect this has something to do with the S3 bucket not being in the default us-east-1 region and amplify not setting up Cloudfront correctly in that case.

How can I get amplify to set the S3 bucket and Cloudfront up correctly so that I can access my website through the Cloudfront URL?

like image 750
morgler Avatar asked Jan 20 '20 12:01

morgler


People also ask

What server does amplify use?

Hosting a modern web app does not require web servers and can use content delivery networks to store static content (HTML, CSS and JavaScript files). AWS Amplify leverages the Amazon CloudFront Global Edge Network to distribute your web app globally.

Is amplify scalable?

Some key benefits of using AWS Amplify include: – Increased efficiency and scalability: AWS Amplify automates common backend tasks, allowing developers to focus on their application's unique features. This can lead to increased efficiency and scalability, as the backend can be scaled up or down as needed.

Does amplify use S3?

Storage with AmplifyThe Storage category comes with built-in support for Amazon S3. There are two ways to add storage with Amplify - manual and automated. Both methods require the auth category with Amazon Cognito to also be enabled. If you are creating an S3 bucket from scratch, you should use the Automated Setup.


1 Answers

For those whom the first solution does not work, also make sure that the javascript.config.DistributionDir in your project-config.json file is configured correctly. That can also cause the AccessDenied error (as I just learned the hard way).

Amplify expects your app entrypoint (index.html) to be at the first level within the directory you have configured. So if you accept the amplify default config (dist) and are using a project that puts the built files at a deeper level in the hierarchy (dist/<project name> in the case of angular 8), then it manifests as a 403 AccessDenied error after publishing. This is true of both the amplify and s3 hosting options.

docs: https://docs.aws.amazon.com/amplify/latest/userguide/manual-deploys.html (see the end)

like image 200
Nathan Hanna Avatar answered Oct 01 '22 10:10

Nathan Hanna