I have a problem with these lines in my serverless.yml file.
I am using the Serverless plugin serverless-single-page-app-plugin.
# CustomOriginConfig:
#   HTTPPort: 80
#   HTTPSPort: 443
#   OriginProtocolPolicy: https-only
## In case you want to restrict the bucket access use S3OriginConfig and remove CustomOriginConfig
S3OriginConfig:
  OriginAccessIdentity: origin-access-identity/cloudfront/E127EXAMPLE51Z
I want to use S3OriginConfig and disable access through the S3 bucket. I can do this manually. But I want to get the effect as in the picture below:
You might have solved it, as you asked your question long back, but this might help if you didn't. I too faced the same issue, and after some research through the AWS documentation I got to know how to use the required attributes. The points below are to be considered regarding your question.
Please find the below snippet in response to your question.
WebAppDistribution:
  Type: AWS::CloudFront::Distribution
  Properties:
    DistributionConfig:
      Origins:
        - DomainName: 'passport-front.s3.amazonaws.com'
          Id: 'WebApp'
          S3OriginConfig:
            OriginAccessIdentity: !Join ['', ['origin-access-identity/cloudfront/', !Ref CloudFrontOAI]]
CloudFrontOAI:
  Type: AWS::CloudFront::CloudFrontOriginAccessIdentity
  Properties:
    CloudFrontOriginAccessIdentityConfig:
      Comment: 'access-identity-passport-front.s3.amazonaws.com'
WebAppBucket:
  Type: AWS::S3::Bucket
  DeletionPolicy: "Retain"
  Properties:
    # PublicRead gives everyone READ (list) on the bucket through its ACL;
    # use Private if the bucket should be reachable only through the OAI.
    AccessControl: PublicRead
    BucketName: "passport-front"
WebAppBucketPolicy:
  Type: AWS::S3::BucketPolicy
  Properties:
    Bucket: !Ref WebAppBucket
    PolicyDocument:
      Statement:
        - Action: s3:GetObject
          Effect: Allow
          Principal:
            CanonicalUser: !GetAtt CloudFrontOAI.S3CanonicalUserId
          Resource: !Join ['', ['arn:aws:s3:::', !Ref 'WebAppBucket', '/*']]
References: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/quickref-cloudfront.html
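A check one could run on the rendered bucket policy and the bucket's AccessControl value to confirm that objects are readable only through the CloudFront OAI. This is an added example, not part of the original answer; the function names and the canonical user ID are constructed for illustration, and statements using NotAction are not evaluated.

```python
import fnmatch

# Principal ARN form that S3 shows for a CloudFront origin access identity.
OAI_ARN_PREFIX = "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity "

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _grants_object_read(actions):
    # IAM action names are case-insensitive and may contain * and ? wildcards.
    return any(fnmatch.fnmatchcase("s3:getobject", a.lower()) for a in actions)

def _only_oai(principal, oai_canonical_ids):
    """True when every principal in the statement is a CloudFront OAI."""
    if not isinstance(principal, dict) or not principal:
        return False  # "*" (anonymous), missing, or NotPrincipal-style statements
    for kind, values in principal.items():
        for value in _as_list(values):
            is_oai = (kind == "CanonicalUser" and value in oai_canonical_ids) or (
                kind == "AWS" and value.startswith(OAI_ARN_PREFIX))
            if not is_oai:
                return False
    return True

def audit_bucket(policy, access_control, oai_canonical_ids):
    """Return findings for a bucket that should be readable only via CloudFront."""
    findings = []
    if access_control != "Private":
        findings.append(f"AccessControl is {access_control}, expected Private")
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        if not _grants_object_read(_as_list(stmt.get("Action", []))):
            continue
        if not _only_oai(stmt.get("Principal"), oai_canonical_ids):
            findings.append(f"statement {i} lets a non-OAI principal read objects")
    return findings

# Constructed sample data: the canonical user ID is a placeholder, not a real one.
OAI_ID = "constructed-oai-canonical-user-id"
OAI_ONLY = {"Statement": [{"Effect": "Allow", "Action": "s3:GetObject",
                           "Principal": {"CanonicalUser": OAI_ID},
                           "Resource": "arn:aws:s3:::passport-front/*"}]}
PUBLIC = {"Statement": {"Effect": "Allow", "Action": ["s3:Get*"], "Principal": "*",
                        "Resource": "arn:aws:s3:::passport-front/*"}}

if __name__ == "__main__":
    print(audit_bucket(OAI_ONLY, "PublicRead", {OAI_ID}))  # the answer's template
    print(audit_bucket(PUBLIC, "Private", {OAI_ID}))
```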