Shalom Carmel
asked on
Cross-account CloudFront access to private S3 bucket
I have a non-public S3 bucket XXX on account X, and a CloudFront distribution on account Y that needs to use that bucket as the origin.
What I did so far:
* Added the canonical ID of account Y to the permissions of bucket XXX - I get 403 errors.
* Added a bucket policy to bucket XXX - I still get 403 errors.
{
  "Version": "2012-10-17",
  "Id": "Policy1234567890",
  "Statement": [
    {
      "Sid": "AllowRead",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::accountY:root"
      },
      "Action": "s3:Get*",
      "Resource": "arn:aws:s3:::XXX/*"
    },
    {
      "Sid": "AllowList",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::accountY:root"
      },
      "Action": "s3:List*",
      "Resource": "arn:aws:s3:::XXX/*"
    }
  ]
}
Any verified suggestions on how to do this?
Using the "S3:GetObject" and "ListBucket" attributes with their respective locations will resolve the issue.
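The answer above turns on pairing each S3 action with the resource ARN it is evaluated against. As an added example (not part of the original thread), this Python check reports known actions that a statement's `Resource` can never match, run over the policy from the question and over a rescoped variant. The action table is a small constructed subset, all function and variable names are hypothetical, and the check covers action/resource scoping only, not the principal.

```python
import fnmatch

# Constructed subset of S3 actions and the resource type each one is checked against.
ACTION_SCOPE = {
    "s3:GetObject": "object",
    "s3:ListMultipartUploadParts": "object",
    "s3:ListBucket": "bucket",
    "s3:ListBucketVersions": "bucket",
    "s3:GetBucketLocation": "bucket",
}

def as_list(value):
    return value if isinstance(value, list) else [value]

def resource_scopes(arn):
    """Resource types an S3 ARN pattern can match (bucket names never contain '/')."""
    name = arn.split(":::", 1)[-1]
    if "/" in name:
        return {"object"}
    return {"bucket", "object"} if "*" in name else {"bucket"}

def unreachable_actions(policy):
    """Map each Allow statement's Sid to the known actions its Resource can never match."""
    findings = {}
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        scopes = set().union(*(resource_scopes(r) for r in as_list(stmt["Resource"])))
        patterns = [p.lower() for p in as_list(stmt["Action"])]
        dead = sorted(a for a, scope in ACTION_SCOPE.items() if scope not in scopes
                      and any(fnmatch.fnmatchcase(a.lower(), p) for p in patterns))
        if dead:
            findings[stmt.get("Sid", "<no Sid>")] = dead
    return findings

def statement(sid, action, resource):
    return {"Sid": sid, "Effect": "Allow", "Action": action, "Resource": resource,
            "Principal": {"AWS": "arn:aws:iam::accountY:root"}}

# Placeholders (accountY, XXX) kept as posted; the second policy is a constructed variant.
QUESTION_POLICY = {"Version": "2012-10-17", "Statement": [
    statement("AllowRead", "s3:Get*", "arn:aws:s3:::XXX/*"),
    statement("AllowList", "s3:List*", "arn:aws:s3:::XXX/*")]}
SCOPED_POLICY = {"Version": "2012-10-17", "Statement": [
    statement("AllowRead", "s3:GetObject", "arn:aws:s3:::XXX/*"),
    statement("AllowList", "s3:ListBucket", "arn:aws:s3:::XXX")]}

if __name__ == "__main__":
    print(unreachable_actions(QUESTION_POLICY), unreachable_actions(SCOPED_POLICY))
```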