Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to resolve "specified origin access identity does not exist or is not valid"

Tags:

amazon-s3

amazon-cloudfront

serverless

serverless-framework

I have a problem with these lines in my serverless.yml file. I am using the Serverless plugin serverless-single-page-app-plugin.

# CustomOriginConfig:
              #  HTTPPort: 80
              #  HTTPSPort: 443
              # OriginProtocolPolicy: https-only
              ## In case you want to restrict the bucket access use S3OriginConfig and remove CustomOriginConfig
              S3OriginConfig:
                 OriginAccessIdentity: origin-access-identity/cloudfront/E127EXAMPLE51Z

I want use s3OriginConfig and disable access through the S3 bucket. I can do this manually. But I want to get the effect as in the picture below:

AWS Console config

like image 302
Mateusz Avatar asked Apr 03 '19 13:04

Mateusz

People also ask

Is the Origin Access identity valid or not?

The origin access identity is not valid or doesn't exist. The keep alive timeout specified for the origin is not valid. The read timeout specified for the origin is not valid.

What is the difference between origin_ID and origin_path?

origin_id (Required) - A unique identifier for the origin. origin_path (Optional) - An optional element that causes CloudFront to request your content from a directory in your Amazon S3 bucket or your custom origin. origin_shield - The CloudFront Origin Shield configuration information.

What information do I need to set up a custom origin?

domain_name (Required) - The DNS domain name of either the S3 bucket, or web site of your custom origin. custom_header (Optional) - One or more sub-resources with name and value parameters that specify header data that will be sent to the origin (multiples allowed). origin_id (Required) - A unique identifier for the origin.

Why can't I create more origins for my distribution?

You cannot create more origins for the distribution. Your request contains too many query string parameters. Your request contains more trusted signers than are allowed per distribution. The specified key group does not exist. One or more of your trusted signers don't exist. © 2021, Amazon Web Services, Inc. or its affiliates. All rights reserved.

1 Answers

You might have solved it as you have asked your question long back but this might help if you didn't. I too faced the same issue and after some research through AWS documentation, I got to know how to use the required attributes. Below points to be considered regarding your question.

  1. As your origin is Amazon S3 bucket, you should use S3OriginConfig in Distribution.
  2. If new OAI is required then you have to create a CloudFrontOriginAccessIdentity resource and refer the OAI and S3CanonicalUserId attribute to the CloudFront Distribution and S3BucketPolicy resources respectively.

Please find the below snippet in response to your question.

WebAppDistribution:
    Type: AWS::CloudFront::Distribution
    Properties:
      DistributionConfig:
        Origins:
          - DomainName: 'passport-front.s3.amazonaws.com'
            Id: 'WebApp'
            S3OriginConfig:
              OriginAccessIdentity: !Join ['', ['origin-access-identity/cloudfront/', !Ref CloudFrontOAI]]
CloudFrontOAI:
    Type: AWS::CloudFront::CloudFrontOriginAccessIdentity
    Properties:
      CloudFrontOriginAccessIdentityConfig:
        Comment: 'access-identity-passport-front.s3.amazonaws.com'
WebAppBucket:
    Type: AWS::S3::Bucket
    DeletionPolicy: "Retain"
    Properties:
      AccessControl: PublicRead
      BucketName: "passport-front"
WebAppBucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref WebAppBucket
      PolicyDocument:
        Statement:
        - Action: s3:GetObject
          Effect: Allow
          Principal:
            CanonicalUser: !GetAtt CloudFrontOAI.S3CanonicalUserId
          Resource: !Join ['', ['arn:aws:s3:::', !Ref 'WebAppBucket', /*]]

References: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/quickref-cloudfront.html

like image 134
Aditya Avatar answered Sep 19 '22 01:09

Aditya
Sign in to Comment

Related questions

Why AWS Lambda function invoked multiple times for a single event?
Lifecycle policy on S3 not working
Equivalent of "du" command on a Amazon S3 bucket
How to mock out AWS properly for this unit test?
amazon s3 deleteObjects nodejs - can't get it working
Get all s3 buckets given a prefix
AWS Lambda@edge. How to read HTML file from S3 and put content in response body
How to configure Query Params in AWS CloudFront
Can you use Amazon S3 via Flex?
Temporarily disable AWS auto-scaling group activities
Could we iterate over the complete set of objects in Amazon S3
Get Notified when upload is completed in Amazon S3 bucket
How do I upload a CSV file in myBucket and Read File in S3 AWS using Python
Write pandas dataframe as compressed CSV directly to Amazon s3 bucket?
Where are stored (geographically) AWS RDS Backup
Not receiving notifications for AWS S3 PUT event for large files
How to filter s3 objects by last modified date with Boto3
Change user ownership of s3fs mounted buckets
How do I get the S3 key's created date with boto?
Elastic Beanstalk with Docker deployment failure

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!