使用 CDK 重定向 S3 存储桶部署的请求被拒绝访问
AccessDenied for requests to redirecting S3 bucket deployed using CDK
我正在迁移托管在 Amazon S3 上的静态网站以使用 CDK 进行部署,遵循 example。我想从 www.mydomain.com 重定向到 mydomain.com,所以我有两个 S3 存储桶,www 一个重定向到顶点域。它们都以 CloudFront 为前端。在使用 CDK 之前我已经完成了所有这些工作,但是在迁移之后我在访问 www URL 时遇到了 AccessDenied 错误。部署存储桶的代码如下所示:
const siteBucket = new s3.Bucket(this, 'SiteBucket', {
bucketName: siteDomain,
websiteIndexDocument: 'index.html',
websiteErrorDocument: 'error.html',
publicReadAccess: true,
removalPolicy: cdk.RemovalPolicy.DESTROY,
});
new cdk.CfnOutput(this, 'Bucket', {value: siteBucket.bucketName});
const wwwRedirectBucket = new s3.Bucket(this, 'WwwBucket', {
bucketName: wwwDomain,
websiteRedirect: {hostName: siteDomain, protocol: RedirectProtocol.HTTPS},
publicReadAccess: true,
removalPolicy: cdk.RemovalPolicy.DESTROY,
});
const certificateArn = "arn:aws:acm:etcetc"
const distribution = new cloudfront.CloudFrontWebDistribution(this, 'SiteDistribution', {
aliasConfiguration: {
acmCertRef: certificateArn,
names: [siteDomain],
sslMethod: cloudfront.SSLMethod.SNI,
securityPolicy: cloudfront.SecurityPolicyProtocol.TLS_V1_1_2016,
},
originConfigs: [
{
s3OriginSource: {
s3BucketSource: siteBucket
},
behaviors: [{isDefaultBehavior: true}],
}
]
});
const wwwDistribution = new cloudfront.CloudFrontWebDistribution(this, 'WwwDistribution', {
aliasConfiguration: {
acmCertRef: certificateArn,
names: [wwwDomain],
sslMethod: cloudfront.SSLMethod.SNI,
securityPolicy: cloudfront.SecurityPolicyProtocol.TLS_V1_1_2016,
},
originConfigs: [
{
s3OriginSource: {
s3BucketSource: wwwRedirectBucket
},
behaviors: [{isDefaultBehavior: true}],
}
]
});
我查看了控制台中的存储桶,据我所知一切看起来都不错。我是否遗漏了一些明显的东西?
我使用 this answer 解决了这个问题。而不是:
s3OriginSource: {
s3BucketSource: siteBucket
},
我需要以下内容:
customOriginSource: {
domainName: bucket.bucketWebsiteDomainName,
originProtocolPolicy: OriginProtocolPolicy.HTTP_ONLY,
},
重定向和其他类似网站的功能在使用 REST 风格的界面时将不起作用,这看起来像是 CDK 默认配置的。
我正在迁移托管在 Amazon S3 上的静态网站以使用 CDK 进行部署,遵循 example。我想从 www.mydomain.com 重定向到 mydomain.com,所以我有两个 S3 存储桶,www 一个重定向到顶点域。它们都以 CloudFront 为前端。在使用 CDK 之前我已经完成了所有这些工作,但是在迁移之后我在访问 www URL 时遇到了 AccessDenied 错误。部署存储桶的代码如下所示:
const siteBucket = new s3.Bucket(this, 'SiteBucket', {
bucketName: siteDomain,
websiteIndexDocument: 'index.html',
websiteErrorDocument: 'error.html',
publicReadAccess: true,
removalPolicy: cdk.RemovalPolicy.DESTROY,
});
new cdk.CfnOutput(this, 'Bucket', {value: siteBucket.bucketName});
const wwwRedirectBucket = new s3.Bucket(this, 'WwwBucket', {
bucketName: wwwDomain,
websiteRedirect: {hostName: siteDomain, protocol: RedirectProtocol.HTTPS},
publicReadAccess: true,
removalPolicy: cdk.RemovalPolicy.DESTROY,
});
const certificateArn = "arn:aws:acm:etcetc"
const distribution = new cloudfront.CloudFrontWebDistribution(this, 'SiteDistribution', {
aliasConfiguration: {
acmCertRef: certificateArn,
names: [siteDomain],
sslMethod: cloudfront.SSLMethod.SNI,
securityPolicy: cloudfront.SecurityPolicyProtocol.TLS_V1_1_2016,
},
originConfigs: [
{
s3OriginSource: {
s3BucketSource: siteBucket
},
behaviors: [{isDefaultBehavior: true}],
}
]
});
const wwwDistribution = new cloudfront.CloudFrontWebDistribution(this, 'WwwDistribution', {
aliasConfiguration: {
acmCertRef: certificateArn,
names: [wwwDomain],
sslMethod: cloudfront.SSLMethod.SNI,
securityPolicy: cloudfront.SecurityPolicyProtocol.TLS_V1_1_2016,
},
originConfigs: [
{
s3OriginSource: {
s3BucketSource: wwwRedirectBucket
},
behaviors: [{isDefaultBehavior: true}],
}
]
});
我查看了控制台中的存储桶,据我所知一切看起来都不错。我是否遗漏了一些明显的东西?
我使用 this answer 解决了这个问题。而不是:
s3OriginSource: {
s3BucketSource: siteBucket
},
我需要以下内容:
customOriginSource: {
domainName: bucket.bucketWebsiteDomainName,
originProtocolPolicy: OriginProtocolPolicy.HTTP_ONLY,
},
重定向和其他类似网站的功能在使用 REST 风格的界面时将不起作用,这看起来像是 CDK 默认配置的。