awslabs / amplify-video

An open source Category Plugin for the AWS Amplify-CLI that makes it easy to deploy live and file based streaming video services and integrate them into your Amplify applications.
https://www.npmjs.com/package/amplify-category-video
Apache License 2.0

Cloudfront has no access to S3 Output Bucket #166

Closed moritz-jansen closed 3 years ago

moritz-jansen commented 3 years ago

Describe the bug

With the following setup where CloudFront is used to deliver the videos (Is this a production environment? YES), access to the files is denied (403). With the UnicornFlix example, uploading a video works and the files are correctly generated in the output bucket. However, when trying to access them through CloudFront, a 403 is returned.

It works as soon as I change the generated S3 bucket policy from (see the "Principal" value):

{
  "Version": "2008-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity E3IROGGL51D28M"
      },
      "Action": "s3:getObject",
      "Resource": "arn:aws:s3:::videodemand-vod-output-ifwwsbny/*"
    }
  ]
}

to

{
  "Version": "2008-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "*"
      },
      "Action": "s3:getObject",
      "Resource": "arn:aws:s3:::videodemand-vod-output-ifwwsbny/*"
    }
  ]
}

So it seems like there is an issue with the Origin Access Identity not giving the CloudFront distribution access to the S3 bucket.

Tried it with and without the signed URL option, but getting the same error. It works fine when selecting "No" for the production environment questions. Also checked all steps in https://github.com/awslabs/amplify-video/wiki/Troubleshooting without success.

Might be related to #142

To Reproduce

Steps to reproduce the behavior:

  1. Add video as shown below:

image

  2. Upload a video with the UnicornFlix example and try to access the generated output files.

Expected behavior

Successfully granting the generated CloudFront distribution read access to the video files in the output bucket through the OAI and S3 policy.

Screenshots

Please see screenshots in steps above.

Desktop (please complete the following information):

moritz-jansen commented 3 years ago

I've just tried it again and it's working just fine now. Not sure what the issue was but will close this for now. Thank you for the great work on this plugin!
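Added example, not part of the original issue or of the amplify-video project: a small audit that tells the two bucket policies quoted above apart, since an unconditioned `"AWS": "*"` principal makes the output objects readable directly from S3 by anyone, bypassing CloudFront and any signed-URL setting. The function names and finding labels are hypothetical; the sample policies reuse the bucket name and OAI ID quoted in the issue.

```python
import json
import re

# Legacy IAM principal form for a CloudFront Origin Access Identity, as quoted in the issue.
OAI_ARN = re.compile(r"^arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity [A-Z0-9]+$")
# Action patterns that cover object reads; IAM action names are case-insensitive.
READ_ACTIONS = {"s3:getobject", "s3:get*", "s3:*", "*"}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _principals(principal):
    """Flatten a Principal element ("*" or {"AWS": ...}) into a list of strings."""
    if isinstance(principal, str):
        return [principal]
    out = []
    for values in (principal or {}).values():
        out.extend(_as_list(values))
    return out

def audit_bucket_policy(policy_text):
    """Return (statement_index, finding) for every Allow statement that grants object reads.
    Narrow by design: NotPrincipal/NotAction statements are not evaluated."""
    findings = []
    policy = json.loads(policy_text)
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
        if not actions & READ_ACTIONS:
            continue
        for p in _principals(stmt.get("Principal")):
            if p == "*":
                finding = "public-conditional" if stmt.get("Condition") else "public"
            elif OAI_ARN.match(p):
                finding = "cloudfront-oai"
            else:
                finding = "other-principal"
            findings.append((i, finding))
    return findings

# Sample input built from the two policies quoted in the issue.
TEMPLATE = """{"Version": "2008-10-17", "Statement": [{"Effect": "Allow",
  "Principal": {"AWS": "%s"}, "Action": "s3:getObject",
  "Resource": "arn:aws:s3:::videodemand-vod-output-ifwwsbny/*"}]}"""
OAI_POLICY = TEMPLATE % "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity E3IROGGL51D28M"
WILDCARD_POLICY = TEMPLATE % "*"

if __name__ == "__main__":
    print("generated policy:", audit_bucket_policy(OAI_POLICY))
    print("workaround policy:", audit_bucket_policy(WILDCARD_POLICY))
```

A `public` finding on the output bucket means the 403 was worked around by opening the bucket itself rather than by fixing the OAI grant.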