Similar to this question: Enabling POST/PUT/DELETE on AWS CloudFront?
I have set up a CloudFront distribution with an Origin Access Identity that has access to the S3 origin.
S3 has a CORS configuration that allows PUT, POST, GET, etc. from any Origin. CloudFront is forwarding the Origin, Access-Control-Request-Headers & Access-Control-Request-Method headers to the S3 origin.
Using the Dropzone.js library I have configured a POST upload request to the CloudFront endpoint.
Response: 405 Method Not Allowed
And the Response headers:
- access-control-allow-methods HEAD, GET, PUT, POST
- access-control-allow-origin *
- allow HEAD, DELETE, GET, PUT
- server AmazonS3
- x-cache Error from cloudfront
If I switch the request method to 'PUT' the upload response is successful.
200 OK
- x-cache: Miss from cloudfront
- access-control-allow-methods HEAD, GET, PUT, POST
The mysterious 'allow' header is now missing.
The file that ends up in S3 following the PUT request is not readable. I get an Access Denied error when trying to download it.
fatal error: An error occurred (403) when calling the HeadObject operation: Forbidden
I'm not sure if S3 implicitly refuses POST requests. That would be fine, so long as PUT requests worked.
The CORS configuration:
```xml
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
  <CORSRule>
    <AllowedOrigin>*</AllowedOrigin>
    <AllowedMethod>HEAD</AllowedMethod>
    <AllowedMethod>GET</AllowedMethod>
    <AllowedMethod>PUT</AllowedMethod>
    <AllowedMethod>POST</AllowedMethod>
    <AllowedHeader>*</AllowedHeader>
  </CORSRule>
</CORSConfiguration>
```
The Bucket Policy:
```json
{
  "Sid": "1",
  "Effect": "Allow",
  "Principal": {
    "AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity XXX"
  },
  "Action": [
    "s3:*",
    "s3:PutObject",
    "s3:GetObject",
    "s3:AbortMultipartUpload"
  ],
  "Resource": "arn:aws:s3:::example-bucket.net/*"
}
```
s3:* is to try and get it working for a start.
Why is POST not allowed to the S3 Origin? Why is the uploaded file corrupt/not readable?
I've also tried pre-signed URLs similar to the method below, but face similar problems. POST is rejected, and PUT is AccessDenied. I tried this on multiple buckets. The only way it would work is with Public WRITE enabled. https://aws.amazon.com/blogs/media/deep-dive-into-cors-configs-on-aws-s3-how-to/
Edit: This issue is very similar, but appears to not be resolved. dropzone.js direct upload to S3 with content-type
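
The CORS rule and bucket policy statement from the question, run through a small least-privilege check for the broad grants it describes (any origin with write methods, `s3:*` for the Origin Access Identity, public write). This is an added example, not part of the original post; the function names are hypothetical and the inputs are the question's own values, compacted onto fewer lines.

```python
import json
import xml.etree.ElementTree as ET
from fnmatch import fnmatchcase

NS = {"s3": "http://s3.amazonaws.com/doc/2006-03-01/"}
WRITE_METHODS = {"PUT", "POST", "DELETE"}

# Inputs copied from the question above, compacted onto fewer lines.
CORS_XML = (
    '<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/"><CORSRule>'
    "<AllowedOrigin>*</AllowedOrigin><AllowedMethod>HEAD</AllowedMethod>"
    "<AllowedMethod>GET</AllowedMethod><AllowedMethod>PUT</AllowedMethod>"
    "<AllowedMethod>POST</AllowedMethod><AllowedHeader>*</AllowedHeader>"
    "</CORSRule></CORSConfiguration>"
)
STATEMENT = json.loads("""{"Sid": "1", "Effect": "Allow",
  "Principal": {"AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity XXX"},
  "Action": ["s3:*", "s3:PutObject", "s3:GetObject", "s3:AbortMultipartUpload"],
  "Resource": "arn:aws:s3:::example-bucket.net/*"}""")

def as_list(value):
    return [value] if isinstance(value, str) else list(value)

def audit_cors(xml_text):
    """Flag CORS rules that let any origin use a write method."""
    findings = []
    for n, rule in enumerate(ET.fromstring(xml_text).findall("s3:CORSRule", NS), 1):
        origins = {e.text.strip() for e in rule.findall("s3:AllowedOrigin", NS)}
        methods = {e.text.strip().upper() for e in rule.findall("s3:AllowedMethod", NS)}
        writes = sorted(methods & WRITE_METHODS)
        if "*" in origins and writes:
            findings.append(f"CORS rule {n}: any origin may send {'/'.join(writes)}")
    return findings

def audit_statement(stmt):
    """Flag wildcard actions and anonymous principals in an Allow statement."""
    findings = []
    if stmt.get("Effect") != "Allow":
        return findings
    actions = as_list(stmt.get("Action", []))
    for wild in [a for a in actions if "*" in a]:
        # IAM action names are case-insensitive, so compare in lower case.
        shadowed = [a for a in actions if a != wild and fnmatchcase(a.lower(), wild.lower())]
        findings.append(f"action {wild} is a wildcard; makes redundant: {shadowed}")
    principal = stmt.get("Principal")
    if principal == "*" or (isinstance(principal, dict) and "*" in as_list(principal.get("AWS", []))):
        findings.append("principal is anonymous (public access)")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_cors(CORS_XML) + audit_statement(STATEMENT)))
```
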