search

aws-samples / liveness-detection

Backend and a JavaScript frontend of a liveness detection application.
MIT No Attribution
100 stars 40 forks source link

Files copied to the S3 bucket are not public #5

Closed kevindqc closed 3 years ago

kevindqc commented 3 years ago

I followed the instructions but it didn't work out of the box. I had to go to the S3 bucket with the static files and make them all public.

athewsey commented 3 years ago

Hi @kevindqc - did you deploy to a region other than us-east-1 by any chance? I ran in to a similar issue just recently, and seems like there's a mis-configuration in the CloudFront S3 origin that causes it to fail in other regions.

I'm about to raise a PR, but essentially the fix would be to add a region specifier in the template.yaml's CloudFrontDistribution:

        Origins:
          - DomainName: !Sub "${StaticWebsiteBucket}.s3.${AWS::Region}.amazonaws.com"
            Id: the-s3-bucket

Because the assets are served through CloudFront (and, when it's working, CloudFront authenticates to the bucket via an OriginAccessIdentity), the bucket would not actually need to be public.

rafaelwmartins commented 3 years ago

Hi @kevindqc The files should not be public; the files should be available only to CloudFront to be served through it. Seems like the problem is caused by the missing region in the domain name like @athewsey said (Thanks, @athewsey !). I've just pushed the fix. I'll close the ticket. Please, reopen it if the problem persists.