question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Deploying to s3 with CloudFront - Access Denied.

See original GitHub issue

Hello,

A head scratcher as I am following all the guides I can find, but here is what I have; I have used example instead of the domain.

I have a s3 bucket which is www which holds the site. A non-www which redirects. A cloudfront which has two distributions; one for each bucket and they forward http to https.

The current non-deployed, old gatsby site is working fine in terms of redirects; but I no longer seem able to deploy… might be CloudFront based.

My Gatsby Config

    {
      resolve: `gatsby-plugin-s3`,
      options: {
          bucketName: "www.example.io",
          protocol: "https",
          hostname: "www.example.io",
          acl: null,
          region: null,
      },
    },

I have a .env file, with the correct KEY etc in, but as I also have a few profiles on my machine I have this command; example will be the name of my aws/credentials profile which again has the right keys.

"deploy": "export AWS_DEFAULT_PROFILE=example && gatsby-plugin-s3 deploy --yes",

The ACL on my bucket;

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "example",
            "Effect": "Allow",
            "Principal": "*",
            "Action": [
                "s3:PutObject",
                "s3:ListBucket",
                "s3:DeleteObject",
                "s3:GetBucketLocation",
                "s3:PutBucketWebsite"
            ],
            "Resource": [
                "arn:aws:s3:::www.example.io",
                "arn:aws:s3:::www.example.io/*"
            ]
        }
    ]
}

This is the command I run;

> export AWS_DEFAULT_PROFILE=example && gatsby-plugin-s3 deploy --yes

✖ Failed.
  AccessDenied: Access Denied

Issue Analytics

  • State:closed
  • Created 4 years ago
  • Comments:10

github_iconTop GitHub Comments

2reactions
JoshuaWalshcommented, Sep 29, 2019

You’re setting AWS_DEFAULT_PROFILE, but that’s only used by AWS CLI. AWS SDK uses AWS_PROFILE instead.

1reaction
bonboniocommented, Sep 29, 2019

Thanks Joshua,

I am so sorry, I didn’t spot the name change in your message.

Might be worth something like so being added to the documentation, it is how to set profile and also invalidate CloudFront cache.

    "deploy": "export AWS_PROFILE=xx && gatsby-plugin-s3 deploy --yes && aws cloudfront create-invalidation --distribution-id xx1 --paths \"/*\"",
Read more comments on GitHub >

github_iconTop Results From Across the Web

Resolve Access Denied errors from a CloudFront distribution ...
To troubleshoot Access Denied errors, first determine if your distribution's origin domain name is an S3 website endpoint or an S3 REST API ......
Read more >
Amazon Cloudfront with S3. Access Denied - Server Fault
We're trying to distribute out S3 buckets via Cloudfront but for some reason the only response is an AccessDenied XML document like the...
Read more >
AWS CloudFront access denied to S3 bucket - Stack Overflow
If you want to allow anyone to access the objects in your Amazon S3 bucket using CloudFront URLs, you must grant public read...
Read more >
Access Denied error when using an S3 static website endpoint
S3 bucket policy must allow access to the s3:GetObject action. Review your bucket policy, and make sure that there aren't any deny statements...
Read more >
React App served via S3 + Cloudfront getting 403 Access ...
React App served via S3 + Cloudfront getting 403 Access Denied · It could mean that you bucket policy does not allow access...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found