How can I hid S3 and CloudFront contents? - amazon-s3

I have an S3 bucket and Cloud Front distribution to deliver assets (PDF files) to my site and CMS. I want users to be able to access the PDF, but
I noticed that if I use either the S3 or Could Front URLs that I can erase the file name (e.g., my-bucket.s3.amazonaws.com/file.pdf or cloudfront-domain-name/file.pdf) and see an XML tree of the S3 or Cloud Front that displays all the content (filenames of all the PDFs, and the S3 URL in the case of the CloudFront URL).
How can I prevent somebody from doing this?

make the bucket not open to public, the it wont list the contents in the bucket

Related

Cloufront should always append path for s3 bucket

I have a Cloudfront service which points to an index.html file in a S3 bucket.
Calling the Cloudfront URL is rendering the application which is correct.
I now want to use a custom "path" that gets appended to the Cloudfront.
So instead https://asdf.cloudfront.net/ I want to use https://asdf.cloudfront.net/my-app/ to point to my S3 bucket.
Is this possible with Cloudfront or do I have to move my s3 bucket content into a folder and then point to it?

CloudFront or S3 ACL: This XML file does not appear to have... AccessDenied / Failed to contact the origin

I'm using custom domain and CloudFront for S3 static hosting site to serve https.
It's working fine when I open the pages through the app's internal buttons or link,
but if I input direct URL in the address bar, or click the browser refresh button, it shows
This XML file does not appear to have any style information associated with it. The document tree is shown below.... Access Denied error screen.
I searched related answers and tried to /index.html in the CloudFront general setting as Default Root Object but it didn't work. (Before this try, it was index.html)
When I updated it as /index.html, even the domain itself didn't work.
I have another S3 static hosting site without CloudFront and certificate just for testing.
This site is working fine even I input direct url or click the refresh button.
Above two S3 bucket have same settings (root object is index.html and error document is also index.html)
After this, I changed CloudFront Origin Domain Name from REST endpoint to website endpoint referred to this docs (https://aws.amazon.com/premiumsupport/knowledge-center/s3-website-cloudfront-error-403/)
But now getting this error when I refresh the screen.
All the object in S3 is owned to bucket owner and has public access.
This app is made by React and using react-router-dom.
Could you give me any hint or advice?
Thanks.
Solved...
My S3 bucket region requires . instead of - when I use website endpoint for cloudfront.
And FYI..
In my case, there are some little difference with the document and some tutorial. My CloudFront distribution doesn't need to use default root object, and individual objects in S3 has no public access but the bucket has it.
There are some specific endpoints to be used for website hosting buckets, which are listed in the Amazon Simple Storage Service endpoints and quotas document. For example, when hosting in eu-west-1, cloudfront will prepopulate the dropdown with example.s3.eu-west-1.amazonaws.com, but if you look into the bucket settings, Static website hosting section, it will show you the correct url example.s3-website-eu-west-1.amazonaws.com
Carefully read the table! The url scheme is not fully consistent, eg. s3-website.us-east-2.amazonaws.com but s3-website-us-east-1.amazonaws.com - just to make your day a bit more joyful.
So I had the exact same issue and was able to resolve it after taking the s3 bucket endpoint located in the properties of the s3 bucket and then pasting it into the cloudfront origins section into the origin domain. I removed the beginning of the endpoint for example: "http://website.com.s3-website.us-east-2.amazonaws.com" you would just remove the "http://" and then post the rest into the cloudfront origin domain and click save. That should solve the problem!
I tried all kinds of different options such as making sure every object was public as well in the s3 bucket. Make sure your s3 bucket is also publicly available.
Certain regions do have different endpoints for your s3 buckets. Here is a link that shows more of that: https://aws.amazon.com/premiumsupport/knowledge-center/s3-rest-api-cloudfront-error-403/

Direct CloudFront to Specific Bucket Folder if Path Elements Exists

I have a CloudFront distribution in front of a S3 static website.
I want all traffic where first path element is profile to be directed to one file in my bucket.
For example, for a GET request to https://example.com/profile/12345, I want CloudFront to return S3 object s3://<bucket_name>/profile/index.html.
My goal is that I would handle dynamic content for profile/12345 using frontend JS and my API.

Attach S3 bucket to URL endpoint

How can I attach an S3 bucket to an URL on my site. I tried but could not get it to work.
For instance my URL is:
mysite.com/media
And my S3 bucket should be linked directly to the above URL?
You're going to want to use CloudFront in front of S3. This will allow you to use your domain and serve content from S3.
Check out Using CloudFront with Amazon S3 for details on how to do it.

Cloudfront: Do the files in my origin bucket need to be publicly readable

I currently serve files on S3 that are private. I would like to serve files via Cloudfront but I keep getting an AccessDenied error. I have tried multiple combinations
With and without Cloud front key pairs
With and without AWS access keys
But nothing works. Do the files on my S3 bucket need to be publicly readable and then I just restrict access to them via Cloudfront by setting bucket policies?
Thanks
Yes. There is no inherent connection between S3 and CloudFront. From the perspective of S3, CloudFront is just another "user" trying to access the content. Therefore, the S3 bucket has to give permission to CloudFront to access the content. Keep in mind that there is no way to set permissions on the CloudFront distribution so your content will be publicly available that way.