 

IllegalLocationConstraintException on CloudFront (for S3)

I have created an S3 bucket and uploaded files to it successfully. Now I am trying to make it work with CloudFront; however, it is giving me:

IllegalLocationConstraintException

The ap-east-1 location constraint is incompatible for the region specific endpoint this request was sent to.

My S3 URL is: http://my-bucket-name.s3.ap-east-1.amazonaws.com/assets/local/css/app.css (this returns the file)

CloudFront is linked to the S3 bucket, and the URL is: https://id.cloudfront.net/assets/local/css/app.css (this returns the IllegalLocationConstraintException)


In S3 bucket > Permissions >

"Block Public Access" is Off

"Bucket Policy" is auto-generated:

{
    "Version": "2008-10-17",
    "Id": "PolicyForCloudFrontPrivateContent",
    "Statement": [
        {
            "Sid": "1",
            "Effect": "Allow",
            "Principal": {
                "AWS": "######"
            },
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::my-bucket-name/*"
        }
    ]
}

What am I doing wrong?

senty asked Jul 11 '19 16:07



2 Answers

  1. Go to your CloudFront dashboard and click on the distribution ID
  2. Go to the 'Origins and Origin Groups' tab
  3. Select your origin and click 'edit'
  4. Edit 'Origin Domain Name' to match this format: bucketname.s3.regioncode.amazonaws.com
  5. Save and wait for the 'deployed' state

mshjri answered Sep 22 '22 09:09


Even when you auto-select the S3 bucket in CloudFront as the related bucket, you still need to enter your location manually to make it work.


Update:

My issue was because my CloudFront origin was not in us-east, and when you auto-select your bucket's origin in CloudFront, it doesn't add the location prefix to the URL. So make sure you add your S3 location like so:

bucketname.s3.ap-east-1.amazonaws.com

senty answered Sep 21 '22 09:09
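
An added example (not part of either answer, and not AWS tooling): a Python check over a distribution config, in the shape returned by `aws cloudfront get-distribution-config`, that flags S3 origins whose domain name lacks or mismatches the bucket's region and proposes the `bucketname.s3.regioncode.amazonaws.com` form both answers describe. The sample config, the bucket-to-region map and the name `check_origins` are constructed for illustration.

```python
import re

# S3 REST endpoints as they appear in a CloudFront origin's DomainName:
#   bucket.s3.amazonaws.com            (no region: the auto-selected form)
#   bucket.s3.ap-east-1.amazonaws.com  (regional form from the answers)
S3_ORIGIN = re.compile(
    r"^(?P<bucket>.+?)\.s3(?:\.(?P<region>[a-z0-9-]+))?\.amazonaws\.com$"
)

def check_origins(distribution_config, bucket_regions):
    """Return one finding per S3 origin whose domain lacks or mismatches the bucket region."""
    findings = []
    for origin in distribution_config["Origins"]["Items"]:
        m = S3_ORIGIN.match(origin["DomainName"])
        if not m:
            continue  # custom origin or S3 website endpoint: out of scope here
        bucket, region = m["bucket"], m["region"]
        actual = bucket_regions.get(bucket)
        if actual is None or region == actual:
            continue  # unknown bucket, or already region-specific and correct
        findings.append({
            "origin_id": origin["Id"],
            "current": origin["DomainName"],
            "expected": f"{bucket}.s3.{actual}.amazonaws.com",
        })
    return findings

# Constructed sample: only the fields this check reads.
SAMPLE_CONFIG = {
    "Origins": {
        "Quantity": 3,
        "Items": [
            {"Id": "S3-my-bucket-name", "DomainName": "my-bucket-name.s3.amazonaws.com"},
            {"Id": "S3-logs-bucket", "DomainName": "logs-bucket.s3.us-east-1.amazonaws.com"},
            {"Id": "app-server", "DomainName": "www.example.com"},
        ],
    }
}

# Assumed input: bucket regions looked up separately (for example in the S3 console).
BUCKET_REGIONS = {"my-bucket-name": "ap-east-1", "logs-bucket": "us-east-1"}

if __name__ == "__main__":
    for f in check_origins(SAMPLE_CONFIG, BUCKET_REGIONS):
        print(f"{f['origin_id']}: {f['current']} -> {f['expected']}")
```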