公共访问受到限制,所以我决定采用OriginAccessIdentity路线,但在尝试访问域名时得到403绑定到发行版,这个绑定到 s3 存储桶。
这是我到目前为止的代码:
const oai = new OriginAccessIdentity(this, siteDomain);
const siteBucket = new s3.Bucket(this, "SiteBucket", {
bucketName: siteDomain,
autoDeleteObjects: true,
publicReadAccess: false,
removalPolicy: RemovalPolicy.DESTROY, // not for production
websiteIndexDocument: "index.html",
websiteErrorDocument: "error.html",
});
new CfnOutput(this, "Bucket", { value: siteBucket.bucketName });
siteBucket.grantRead(oai);
const distribution = new Distribution(this, "Distribution", {
certificate: certificate,
defaultRootObject: "index.html",
domainNames: [siteDomain, domainName],
minimumProtocolVersion: SecurityPolicyProtocol.TLS_V1_2_2021,
errorResponses: [
{
httpStatus: 404,
responseHttpStatus: 404,
responsePagePath: "/error.html",
},
],
defaultBehavior: {
allowedMethods: AllowedMethods.ALLOW_ALL,
cachePolicy: CachePolicy.CACHING_DISABLED, // only for development
compress: true,
origin: new S3Origin(siteBucket, { originAccessIdentity: oai }),
originRequestPolicy: new OriginRequestPolicy(
this,
"OriginRequestPolicy",
{
headerBehavior: OriginRequestHeaderBehavior.all(),
queryStringBehavior: OriginRequestQueryStringBehavior.all(),
cookieBehavior: OriginRequestCookieBehavior.all(),
}
),
viewerProtocolPolicy: ViewerProtocolPolicy.REDIRECT_TO_HTTPS,
},
});
我得到的错误是:
Code: AccessDenied
Message: Access Denied
如有任何建议,我们将不胜感激。