Hi All,
This is quite a common error that confuses some people the main issue is when users switches to a Cloudfront setup and they have not updated their bucket policy.
If your bucket is not setup with Cloudfront then your bucket policy will look something like this.
{
"Version": "2008-10-17",
"Id": "S3BubbleSecurity",
"Statement": [
{
"Sid": "S3BubbleAllow",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::bucketname/*",
"Condition": {
"StringLike": {
"aws:Referer": [
"https://s3bubble.com/*",
"https://media.s3bubble.com/*"
]
}
}
}
]
}
If you are using Cloudfront on this bucket then you will get a permission denied error. A Cloudfront bucket policy looks like this.
{
"Version": "2008-10-17",
"Id": "S3BubbleCloudfrontSecurity",
"Statement": [
{
"Sid": "S3BubbleAllow",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity E2D99SZTA0Z6XO"
},
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::bucketname/*"
}
]
}
To update you bucket police go to your CloudFront distributions.
https://s3bubble.com/app/#/cloudfront
Find the distribution that is attached to your bucket and then select update bucket policy and you should be good to go.
If you use Cloudfront the bucket must have this policy set to allow them to talk to each other,
Best Regards
S3Bubble Team