Last Updated on February 23, 2023
Error – Access Denied
Jekyll hosted on Amazon CloudFront and S3
You are sure you have everything set up correctly but when you try and access your Jekyll site you see the dreaded ‘access denied’ error. Your S3 policy is correct so why the error?
Error – Access Denied error, how to fix it
I would never have guessed the fix to this error unless I’d seen it with my own eyes. When you set up your CloudFront distribution the origin field will auto populate with a list of your S3 buckets endpoints. If you select an endpoint from from this you will get the Access Denied error.
The problem with the auto-populated list of S3 endpoints is that they are not the type of endpoint you need to enter into the origin box. They’re not detailed enough. For CloudFront to successfully use your Amazon S3 bucket as an origin it needs an origin endpoint that includes the AWS region of your S3 bucket.
Good, manually entered origin
example.com.s3-website.eu-west-2.amazonaws.com
Bad, auto-populated origin
example.com.s3-website.amazonaws.com
I have no idea why Amazon would think auto-populating the S3 origin information with the wrong endpoints would be a good idea. It must cause so many users to strike their foreheads on the nearest desk. Finding out how to fix this error has made me a little weary of assuming any auto-popular fields anywhere on AWS are trustworthy.
Leave a Reply