Hi Scope,
Permission issues are almost always down to bucket policies, whether they are set up with CloudFront or not.
If your bucket is not set up with CloudFront, then your bucket policy will look like this.
{
  "Version": "2008-10-17",
  "Id": "S3BubbleSecurity",
  "Statement": [
    {
      "Sid": "S3BubbleAllow",
      "Effect": "Allow",
      "Principal": {
        "AWS": "*"
      },
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::bucketname/*",
      "Condition": {
        "StringLike": {
          "aws:Referer": [
            "https://s3bubble.com/*",
            "https://media.s3bubble.com/*"
          ]
        }
      }
    }
  ]
}
If you are using CloudFront on this bucket, then you will get a permission denied error. A CloudFront bucket policy looks like this.
{
  "Version": "2008-10-17",
  "Id": "S3BubbleCloudfrontSecurity",
  "Statement": [
    {
      "Sid": "S3BubbleAllow",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity E2D99SZTA0Z6XO"
      },
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::bucketname/*"
    }
  ]
}
To update your bucket policy, go to your CloudFront distributions.
https://s3bubble.com/secure/#/cloudfront
Find the distribution that is attached to your bucket and then select update bucket policy and you should be good to go.
If you use CloudFront, the bucket must have this policy set to allow them to talk to each other.
Best Regards
Sam
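
An added example, not part of the reply above or S3Bubble's own code: a Python check that classifies a bucket policy as one of the two shapes shown in the post and flags the mismatch it describes (CloudFront in use, no Origin Access Identity statement). It goes slightly further by also flagging an `s3:GetObject` grant to `*` that has no Referer condition. The function names and the `uses_cloudfront` flag are assumptions for illustration; the sample policies are condensed from the post.

```python
import json

OAI_PREFIX = "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity "

# The two policies from the post, condensed to their single statement.
REFERER_POLICY = json.dumps({"Statement": [{
    "Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "s3:GetObject",
    "Resource": "arn:aws:s3:::bucketname/*",
    "Condition": {"StringLike": {"aws:Referer": ["https://s3bubble.com/*"]}}}]})
OAI_POLICY = json.dumps({"Statement": [{
    "Effect": "Allow", "Action": "s3:GetObject",
    "Principal": {"AWS": OAI_PREFIX + "E2D99SZTA0Z6XO"},
    "Resource": "arn:aws:s3:::bucketname/*"}]})

def _as_list(value):
    """Policy JSON accepts either a single value or a list in most positions."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def classify_statement(stmt):
    """Return 'cloudfront-oai', 'referer-restricted', 'public' or 'other'.

    Only a literal s3:GetObject Allow is recognised; wildcard actions are 'other'.
    """
    if stmt.get("Effect") != "Allow" or "s3:GetObject" not in _as_list(stmt.get("Action")):
        return "other"
    principal = stmt.get("Principal")
    aws = principal.get("AWS") if isinstance(principal, dict) else None
    principals = ["*"] if principal == "*" else _as_list(aws)
    if principals and all(p.startswith(OAI_PREFIX) for p in principals):
        return "cloudfront-oai"
    if "*" not in principals:
        return "other"
    referer = any(key.lower() == "aws:referer"
                  for keys in stmt.get("Condition", {}).values() for key in keys)
    return "referer-restricted" if referer else "public"

def check_policy(policy_text, uses_cloudfront):
    """Return findings for one bucket policy; uses_cloudfront is supplied by the caller."""
    statements = _as_list(json.loads(policy_text).get("Statement"))
    kinds = [classify_statement(s) for s in statements]
    findings = []
    if uses_cloudfront and "cloudfront-oai" not in kinds:
        findings.append("CloudFront in use but no OAI statement: expect permission denied")
    if "public" in kinds:
        findings.append("s3:GetObject open to any principal with no Referer condition")
    return findings
```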