
CloudFront responds with 403 Forbidden instead of triggering Lambda


Here is the scheme of a CDN that resizes images and serves them through AWS CloudFront:

Communication diagram

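If the image is not found in the S3 bucket, a 307 Temporary Redirect is issued (instead of a 404) to reach the Lambda through API Gateway. The Lambda resizes the image (based on the original image in the S3 bucket) and uploads it to the S3 bucket. The browser is then permanently redirected back to the S3 bucket, which now holds the newly generated image.

When I try to access the same image through CloudFront, I get a 403 Forbidden error. It comes from either S3 or CloudFront. As the status suggests, it is probably related to access permissions.

Why does adding CloudFront to a working request chain cause a 403 error?

What works: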

https://{bucket}.s3-website-{region}.amazonaws.com/100x100/image.jpg

HTTP/1.1 307 Temporary Redirect
x-amz-id-2: xxxx
x-amz-request-id: xxxx
Date: Sat, 19 Aug 2017 15:37:12 GMT
Location: https://{gateway}.execute-api.{region}.amazonaws.com/prod/resize?key=100x100/image.jpg
Content-Length: 0
Server: AmazonS3

https://{gateway}.execute-api.{region}.amazonaws.com/prod/resize?key=100x100/image.jpg

HTTP/1.1 301 Moved Permanently
Content-Type: application/json
Content-Length: 0
Connection: keep-alive
Date: Sat, 19 Aug 2017 15:37:16 GMT
x-amzn-RequestId: xxxx
location: http://{bucket}.s3-website-eu-west-1.amazonaws.com/100x100/image.jpg
X-Amzn-Trace-Id: xxxx
X-Cache: Miss from cloudfront
Via: 1.1 {distribution}.cloudfront.net (CloudFront)
X-Amz-Cf-Id: xxxx

http://{bucket}.s3-website-{region}.amazonaws.com/100x100/image.jpg

HTTP/1.1 200 OK
x-amz-id-2: xxxx
x-amz-request-id: xxxx
Date: Sat, 19 Aug 2017 15:37:18 GMT
Last-Modified: Sat, 19 Aug 2017 15:37:17 GMT
x-amz-version-id: null
ETag: xxxx
Content-Type: image/png
Content-Length: 20495
Server: AmazonS3

What does not work:

https://{distribution}.cloudfront.net/100x100/image.jpg

HTTP/1.1 403 Forbidden
Content-Type: application/xml
Transfer-Encoding: chunked
Connection: keep-alive
Date: Sat, 19 Aug 2017 15:38:24 GMT
Server: AmazonS3
X-Cache: Error from cloudfront
Via: 1.1 {distribution}.cloudfront.net (CloudFront)
X-Amz-Cf-Id: xxxx

I have added the S3 bucket as an origin in CloudFront.

2 Answers

  • 0

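    The error is caused by using REST endpoints (e.g. s3.amazonaws.com) for website-like functionality (redirects, HTML error messages and index documents). These features are only provided by the website endpoints (e.g. bucketname.s3-website-us-east-1.amazonaws.com).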

    http://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteEndpoints.html

    It confused me because, when creating the CloudFront distribution, the REST endpoint is offered by autocomplete in the console. The correct endpoint must be typed in manually.

  • 2

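    CloudFront also caches 40x and 50x status codes from S3 (documentation: http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/HTTPStatusCodes.html#HTTPStatusCodes-cached-errors).

    You should invalidate the CloudFront cache for the resized image path. You can do this by calling the CreateInvalidation API from the Lambda function.

    Documentation: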

    http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Invalidation.html#invalidating-objects-api
