I have a static website set up on AWS S3 using CloudFront and Route 53.
Currently I can access the site correctly via https://www.example.com.
I'm trying to redirect http://example.com and https://example.com to https://www.example.com (http://www.example.com already redirects correctly).
It seems that the only way to set this up is with two CloudFront distributions and two S3 buckets (and two alias A records in Route 53).
I have configured an example.com bucket to redirect to www.example.com using the https protocol.
One of the CloudFront distributions points to the www.example.com bucket with HTTP to HTTPS redirect, the default root object as index.html, and the alternate domain name as www.example.com.
The other CloudFront distribution points to the example.com bucket with no HTTP to HTTPS redirect and nothing set in the default root object (I've also tried index.html but that didn't help) and the alternate domain name as example.com.
Both distributions use the same certificate set up in ACM that covers *.example.com and example.com (other settings use the defaults).
I'm not clear why I'm getting an access denied error when I try to access via https://example.com (or http://example.com), and what is wrong with my setup?
    <Error>
      <Code>AccessDenied</Code>
      <Message>Access Denied</Message>
      <RequestId>....</RequestId>
      <HostId>.....</HostId>
    </Error>
Update with more details on the buckets:
As mentioned below in the comments, the root domain S3 bucket redirects correctly without CloudFront. Adding CloudFront back in, the access denied errors reappear.
Both buckets have public access, i.e. Block all public access is set to off.
The bucket policy for both is set to:
    {
      "Version": "2012-10-17",
      "Id": "Policy1595518880784",
      "Statement": [
        {
          "Sid": "Stmt1595518834954",
          "Effect": "Allow",
          "Principal": "*",
          "Action": "s3:GetObject",
          "Resource": "arn:aws:s3:::example.com/*"
        }
      ]
    }
and for the subdomain bucket it has a ..:::www.example.com/* in the resource.
The bucket origins used in CloudFront are example.com.s3.amazonaws.com and www.example.com.s3.amazonaws.com.
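An added example, not part of the original post: a Python check that tells the two kinds of S3 origin hostname apart and flags a redirect bucket placed behind the REST endpoint, which does not apply website redirect settings. The `audit` helper and its dictionary keys are hypothetical, and the sample input is constructed from the values in the question.

```python
import re

# Hostname shapes of the two kinds of S3 endpoint. The website pattern is tried
# first because the REST pattern would otherwise also match "s3-website-...".
WEBSITE_RE = re.compile(r"^(?P<bucket>.+)\.s3-website[.-](?P<region>[a-z0-9-]+)\.amazonaws\.com$")
REST_RE = re.compile(r"^(?P<bucket>.+?)\.s3(?:[.-](?P<region>[a-z0-9-]+))?\.amazonaws\.com$")


def classify_origin(domain):
    """Return (kind, bucket) where kind is 'website', 'rest' or 'other'."""
    domain = domain.strip().lower().rstrip(".")
    for kind, pattern in (("website", WEBSITE_RE), ("rest", REST_RE)):
        m = pattern.match(domain)
        if m:
            return kind, m.group("bucket")
    return "other", None


def audit(distributions):
    """Flag distributions whose origin type conflicts with how the bucket is used."""
    findings = []
    for d in distributions:
        kind, bucket = classify_origin(d["origin"])
        if d["bucket_redirects_all"] and kind == "rest":
            findings.append(
                f"{d['alias']}: bucket '{bucket}' is configured to redirect, but the "
                "origin is the REST endpoint, which ignores website/redirect settings; "
                "a request for '/' is a bucket listing, not covered by s3:GetObject"
            )
        elif kind == "website" and d.get("origin_protocol") == "https-only":
            findings.append(
                f"{d['alias']}: S3 website endpoints accept HTTP only on the origin side"
            )
    return findings


# Constructed input mirroring the setup described in the question.
SAMPLE = [
    {"alias": "www.example.com", "origin": "www.example.com.s3.amazonaws.com",
     "bucket_redirects_all": False},
    {"alias": "example.com", "origin": "example.com.s3.amazonaws.com",
     "bucket_redirects_all": True},
]

if __name__ == "__main__":
    for line in audit(SAMPLE):
        print(line)
```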