You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Can I use this gem after configuring AWS's Origin Access Identity, which uses a CloudFront distribution granted read permissions for a non-public S3 bucket not configured for static website hosting? (The idea is to force all traffic via CloudFront, since CloudFront pricing is lower than S3 pricing.)
With this configuration, the CloudFront distribution uses the S3 bucket's REST API endpoint for the "Origin Domain Name" and not the static website endpoint.
Ideally all files in the S3 bucket remain --acl private, the bucket is never enabled for static website hosting, and the CloudFront distribution serves all objects. Direct access by end-users to S3 objects is never permitted, even if someone discovers the bucket and object names.
For clarity, here are the current server responses which I wish to preserve, using a CloudFront distribution with an Alternate Domain Name:
http://BUCKET.s3-website-us-east-1.amazonaws.com/FILE.EXT 404 Not Found
https://XXXXXXXXXXXXX.cloudfront.net/FILE.EXT 200 OK
https://WWW.EXAMPLE.COM/FILE.EXT 200 OK
https://s3-us-east-1.amazonaws.com/BUCKET/FILE.EXT 403 Forbidden
Lastly, thanks for an amazing piece of software. I use it regularly with standard configurations, CloudFront, and public S3 buckets, and it has worked flawlessly for a long time.
The text was updated successfully, but these errors were encountered:
Can I use this gem after configuring AWS's Origin Access Identity, which uses a CloudFront distribution granted read permissions for a non-public S3 bucket not configured for static website hosting? (The idea is to force all traffic via CloudFront, since CloudFront pricing is lower than S3 pricing.)
With this configuration, the CloudFront distribution uses the S3 bucket's REST API endpoint for the "Origin Domain Name" and not the static website endpoint.
Ideally all files in the S3 bucket remain
--acl private, the bucket is never enabled for static website hosting, and the CloudFront distribution serves all objects. Direct access by end-users to S3 objects is never permitted, even if someone discovers the bucket and object names.For clarity, here are the current server responses which I wish to preserve, using a CloudFront distribution with an Alternate Domain Name:
Lastly, thanks for an amazing piece of software. I use it regularly with standard configurations, CloudFront, and public S3 buckets, and it has worked flawlessly for a long time.
The text was updated successfully, but these errors were encountered: