Closed jojo786 closed 7 months ago
Hi @jojo786 - I didn't see the values you provided in the SAM Deploy step. I'm mostly looking to make sure you're deploying in a supported region. I'll try and re-produce it on my side.
Edit: If it is indeed af-south-1
, that should be supported. I'll do a deployment and give it a try.
af-south-1 / South Africa (Cape Town) is actually not supported.
After reproducing and investigating, the root cause is that CloudFront, while supported to target origins in any S3 region, cannot target certain regions for logs. Source: Amazon CloudFront Developer Guide - Choosing an Amazon S3 bucket for your standard logs
I've made the following documentation update: @7a53e6a
For those who really want to use one of the unsupported regions, you may still be able to deploy by removing the logging configuration lines from the CloudFront resource in the SAM template.
I did a git clone, then
sam build
, thensam deploy --guided --capabilities CAPABILITY_NAMED_IAM
:Setting default arguments for 'sam deploy'
which throws this error:
You don't have permission to access the S3 bucket for CloudFront logs: public-file-browser-logging- xxxxxxxx.s3.amazonaws.com. If you're using IAM, you need s3:GetBucketAcl and s3:PutBucketAcl permissions to create a distribution or to update log settings for an existing distribution. In addition, the S3 ACL for the bucket must grant you FULL_CONTROL. (Service: CloudFront, Status Code: 403)