CloudFront - cannot invalidate objects that used to return 403

Setting up

I have an Amazon CloudFront distribution that was originally set up as secure. Objects in this distribution required a signed URL. For example, a valid URL was in the following format:

https://d1stsppuecoabc.cloudfront.net/images/TheImage.jpg?Expires=1413119282&Signature=NLLRTVVmzyTEzhm-ugpRymi~nM2v97vxoZV5K9sCd4d7~PhgWINoTUVBElkWehIWqLMIAq0S2HWU9ak5XIwNN9B57mwWlsuOleB~XBN1A-5kzwLr7pSM5UzGn4zn6GRiH-qb2zEoE2Fz9MnD9Zc5nMoh2XXwawMvWG7EYInK1m~X9LXfDvNaOO5iY7xY4HyIS-Q~xYHWUnt0TgcHJ8cE9xrSiwP1qX3B8lEUtMkvVbyLw__&Key-Pair-Id=APKAI7F5R77FFNFWGABC

The distribution points to an S3 bucket, which was also secured (it only allowed access through CloudFront).

What happened

At some point the signed URLs expired and now return 403.

Since we no longer need to maintain the same level of security, I recently changed the CloudFront distribution settings and the S3 bucket it points to so that both are public.

Then I tried to invalidate objects in this distribution. The invalidation did not produce any errors, but it did not show any success either. Requests to the same CloudFront URL (with or without a query string) still return 403.

The response header looks like this:

HTTP/1.1 403 Forbidden
Server: CloudFront
Date: Mon, 18 Aug 2014 15:16:08 GMT
Content-Type: text/xml
Content-Length: 110
Connection: keep-alive
X-Cache: Error from cloudfront
Via: 1.1 3abf650c7bf73e47515000bddf3f04a0.cloudfront.net (CloudFront)
X-Amz-Cf-Id: j1CszSXz0DO-IxFvHWyqkDSdO462LwkfLY0muRDrULU7zT_W4HuZ2B==

Things I have tried

I tried setting up another CloudFront distribution that points to the same S3 bucket as the original one. Requests for the same object in the new distribution were successful.

Question

Has anyone come across the same situation, where a CloudFront URL that returns 403 cannot be invalidated? Is there a reason why the object will not be invalidated?

Thank you for your help!

1 answer


  • Check first that Invalidation fails. If so, wait until it is complete.
  • If you are accessing an S3 object through CloudFront using a public URL, you need to have public read permission on that S3 object.
  • If you are trying to access an S3 object through CloudFront using a signed URL, make sure the time referenced when generating the signature is greater than the current time.
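
One way to check the last point, as an added example (not code from the question or the answer): the function below reads the expiry time out of a CloudFront signed URL and compares it with a reference time. It also handles custom-policy URLs (a `Policy=` parameter), which goes beyond the `Expires=` format shown in the question; the sample URL is constructed from the question's values with a placeholder signature.

```python
import base64
import json
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
from urllib.parse import urlsplit, parse_qs

# CloudFront's URL-safe base64 variant: '+' -> '-', '=' -> '_', '/' -> '~'
_CF_B64 = str.maketrans("-_~", "+=/")


def signed_url_expiry(url):
    """Return the expiry of a CloudFront signed URL as an aware UTC datetime.

    Canned-policy URLs carry Expires=<epoch>; custom-policy URLs carry the
    expiry inside the encoded Policy document. Returns None for unsigned URLs.
    """
    query = parse_qs(urlsplit(url).query)
    if "Expires" in query:
        epoch = int(query["Expires"][0])
    elif "Policy" in query:
        raw = base64.b64decode(query["Policy"][0].translate(_CF_B64))
        condition = json.loads(raw)["Statement"][0]["Condition"]
        epoch = int(condition["DateLessThan"]["AWS:EpochTime"])
    else:
        return None
    return datetime.fromtimestamp(epoch, tz=timezone.utc)


def is_expired(url, at=None):
    """True if the signed URL had already expired at `at` (default: now)."""
    expiry = signed_url_expiry(url)
    if expiry is None:
        raise ValueError("URL has no Expires or Policy parameter")
    return (at or datetime.now(timezone.utc)) >= expiry


# Constructed sample: host, Expires and Key-Pair-Id are the question's values,
# the signature is a placeholder (this check never verifies the signature).
SAMPLE_URL = (
    "https://d1stsppuecoabc.cloudfront.net/images/TheImage.jpg"
    "?Expires=1413119282&Signature=PLACEHOLDER&Key-Pair-Id=APKAI7F5R77FFNFWGABC"
)
# Date header of the 403 response quoted in the question.
RESPONSE_DATE = parsedate_to_datetime("Mon, 18 Aug 2014 15:16:08 GMT")

if __name__ == "__main__":
    print("expires:", signed_url_expiry(SAMPLE_URL).isoformat())
    print("expired at response time:", is_expired(SAMPLE_URL, at=RESPONSE_DATE))
```

With the question's values, `Expires=1413119282` is 2014-10-12 13:08:02 UTC, which is later than the `Date` header of the 403 response shown above.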

