I am trying to host my website with amazon aws s3 static website hosting.
I created a bucket, completed permissions and the bucket policy etc.
And it was returning a 403 forbidden access when I tried to access my end point.
After leaving it for a weekend I went back to have another go and it was working.
Now I tried to delete the contents of the bucket and add some different files. ( basically the same just a few changes in some paragraphs.)
And once again it is now giving me a 403 forbidden access. My question is. Is there a waiting period or something when a bucket or it’s contents are changed. ?
Or is it just me doing something wrong. ? I didn’t change my policy or permissions so I don’t see why it has gone back to giving me a "403 forbidden" message again.
I have looked at previous questions and also aws documentation but couldn’t find anything specific to this.
Appreciate any information.
You need to make all files public. You can either make them public using S3 console/interface or aws cli. It does not take any time to apply public rule, it will be applied instantly.
Related
This is a follow up question to the one found here: CloudFront + S3 Website: "The specified key does not exist" when an implicit index document should be displayed
I am trying to host a React single page app (static website) through S3 and I want to allow https access only (using a custom SSL). I have everything configured with CloudFront and my website is showing up at the CloudFront URL just fine. But when I navigate around the app, I get the error shown in the link above.
According to that post, the error is fixed by switching from a REST to a website endpoint. But in the process, you have to make your S3 bucket public. My question: is there a way to fix this error without switching to a website endpoint and, in the process, making all my S3 content public? Is there some kind of workaround within the AWS ecosystem where I can combine private S3 contents with a process that returns the html doc without the XML formatted error? According to this reference (https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteEndpoints.html#WebsiteRestEndpointDiff), this seems like it may not be possible, but I'm hoping someone can prove me wrong.
Thanks!
The error you're getting usually occurs when your application tries to access something which it isn't privileged to.
Since you mentioned the app loads normally but you get this error while you move around; So it can be the case that it occurs when a component tries to load a private resource which you haven't added in the policies you have defined.
My question: is there a way to fix this error without switching to a website endpoint and, in the process, making all my S3 content public?
Definitely! But you need to pin point the resources which is being accessed when you're getting the error! I would request you to provide more info regarding the same.
Lastly, if you switch to website endpoints, you won't to able to serve private S3 content. You'll have to make it all public. You can find more info about this here: https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteEndpoints.html#WebsiteRestEndpointDiff
Very weird occurrence of this error (see below). Points of note:
Web app in question has >500 daily users, all of them uploading objects into S3 daily
Two users, have this one error when they try and upload a file
The same users, if they try a different computer, do not get this error
Web app is using the EvaporateJS library - https://github.com/TTLabs/EvaporateJS
There seems to be no pattern with regards to file size (even a tiny <10kb file will cause it)
The authentication/authorisation component of the web app is handled by the web-app. I.e. - The IAM user associated with generating the S3 upload Url is shared for all web app users, so I have ruled out a permission issue for the IAM user ID in question
Error message:
<Error>
<Code>InvalidRequest</Code>
<Message>
Key is not expected for the GET method ?uploads subresource
</Message>
<RequestId>
*****
</RequestId>
<HostId>
*****
</HostId>
</Error>
From all the points above, the only variable here seems to be the computers. Am I right? Have I overlooked something? If it is the computers, any idea what would be the issue there? An overactive firewall/something else preventing the upload network requests?
Thanks in advance for any guidance in decipher this error message (what does it even mean?!)
I'm trying to create a "Bridge" from Message Hub to S3 Object Storage, copying information from the credentials that I created but I always get an error that says "Please trying refreshing the page, or logging back into Bluemix."
I have already created an access policy for these credentials and the Bucket I want to use as destination.
Also tried with private and public end-points.
I wasn't able to found documentation that explains how to accomplish this. Nothing seems to work.
Thanks!
Apologies, this is an internal error caused by the S3 Object Storage bridges capability being made available in the UI but not in the backend.
An update to the Message Hub service will be made this week to correct this.
TransformationError
This error keeps coming up for a specific image.
There are no problems with other images and I'm wondering what the reason for this exception could be.
From Google:
"Error while attempting to transform the image."
Update:
Development server it works fine, only live it fails.
Thanks
Without more information I'd say it's either the image is corrupted, or it's in a format that cannot be used with get_serving_url (animate GIF for example).
I fought this error forever and incase anyone finds they get the dreaded TransformationError please note that you need to make sure that your app has owner permissions on the files you want to generate a url for
It'll look something like this in your IAM tab:
App Engine app default service account
your-project-name-here#appspot.gserviceaccount.com
In IAM on that member you want to scroll down to Storage and grant "Storage Object Admin" to that user. That is as long as you have your storage bucket under the same project... if not I'm not sure how...
This TransformationError exception seems to show up for permissions errors so it is a bit misleading.
I way getting this error because I had used the Bucket Policy Only permissions on a bucket in a different project.
However after changing this back to Object Level permissions and giving my App Engine app access (from a different project) I was able to perform the App Engine Standard Images operation (google.appengine.api.images.get_serving_url) that I was trying to implement.
Make sure that you set your permissions correctly either in the Console UI or via gsutil like so:
gsutil acl ch -u my-project-a#appspot.gserviceaccount.com:OWNER gs://my-project-b
I'd like to know, in a particular request, what the pending_ms value is (assuming it exists for the given request).
I know that the App Engine logs include this value, but I'm hoping to find it elsewhere for use in gae_mini_profiler.
I've searched around the App Engine source, but no luck -- this is being added elsewhere in the GAE pipeline.
There's not currently any way to access this programmatically, either from within the request or outside it. Please do file a feature request for it, though.