43

I have created the s3 bucket with some files. I created the CloudFront distribution with that S3 bucket as origin and it changed status to deployed.

When I curl CloudFront for any file I get:

<Error><Code>TemporaryRedirect</Code><Message>Please re-send this request to the specified temporary endpoint. Continue to use the original request endpoint for future requests.</Message><Bucket>MY-BUCKET</Bucket><Endpoint>MY-BUCKET.s3-eu-west-1.amazonaws.com</Endpoint><RequestId>...</RequestId><HostId>...</HostId></Error>

When I curl my S3 bucket for any file I get that file contents.

What am I doing wrong? How to force cloudfront to cache files so that clients don't need to get data from S3 directly?

Piyush Patil
  • 14,512
  • 6
  • 35
  • 54
Kivan
  • 1,712
  • 1
  • 14
  • 30
  • Did you try the Curl right away when you got the deployed message ? – Piyush Patil Aug 01 '16 at 19:26
  • @error2007s more than 3 hours it is deployed, but the message still persists – Kivan Aug 01 '16 at 20:17
  • What region is your bucket in? What is your bucket endpoint that you've specified in your CloudFront distribution? – Matt Houser Aug 01 '16 at 20:46
  • 1
    Try invalidating your CloudFront distribution. It's possible that the DNS S3 issue may be resolved, but the response has been cached by CloudFront. Or wait for the TTL to expire before retrying. – Matt Houser Aug 01 '16 at 20:51
  • global endpoints are deprecated so please a regional one. https://stackoverflow.com/questions/65142577/is-cloudfront-origin-using-s3-global-domain-name-performing-better-than-regional – Anton May 07 '21 at 11:06

2 Answers2

62

Thx Matt Houser from comment to my first post!

It seems CloudFront cached my first requests to files when distribution wasn't fully ready (but it was in deployed state at that time, so beware!). I requested invalidation to all files which were in cache, it took some minutes, but after invalidation was done, all files were curled with http 200 using CloudFront url.

The problem became clear after the comment from Michael-sqlbot:

All buckets have at least two REST endpoint hostnames. In eu-west-1, they are example-bucket.s3-eu-west-1.amazonaws.com and example-bucket.s3.amazonaws.com. The first one will be immediately valid when the bucket is created. The second one -- sometimes referred to as the "global endpoint" -- which is the one CloudFront uses -- will not, unless the bucket is in us-east-1. Over a period of seconds to minutes, variable by location and other factors, it becomes globally accessible as well. Before that, the 307 redirect is returned. Hence, the bucket was not ready.

Kivan
  • 1,712
  • 1
  • 14
  • 30
  • 14
    Actually, it wasn't the *distribution* that wasn't fully ready. If it hadn't been ready, it wouldn't have been working. [It was the *bucket* that wasn't ready](http://docs.aws.amazon.com/AmazonS3/latest/dev/Redirects.html). Temporary redirects are normal for the first few minutes of a new bucket's life, sometimes a little longer, when the bucket isn't in the us-east-1 region, because of the way the global endpoint DNS works. Responses served from cache by CloudFront also have an `Age:` header, which would have suggested that what you were seeing was cached. – Michael - sqlbot Aug 02 '16 at 00:25
  • @Michael-sqlbot what do you mean under the bucket was not ready? It was curled normally and cloudfront not at the same time. – Kivan Aug 02 '16 at 20:28
  • 14
    All buckets have at least two REST endpoint hostnames. In eu-west-1, they are example-bucket.s3-eu-west-1.amazonaws.com and example-bucket.s3.amazonaws.com. The first one will be immedately valid when the bucket is created. The second one -- sometimes referred to as the "global endpoint" -- which is the one CloudFront uses -- will not, unless the bucket is in us-east-1. Over a period of seconds to minutes, variable by location and other factors, it becomes globally accesible as well. Before that, the 307 redirect is returned. Hence, the bucket was not ready. – Michael - sqlbot Aug 02 '16 at 21:51
  • @Michael-sqlbot Thx for information! Now I better understand the problem. – Kivan Aug 04 '16 at 08:11
  • 5
    Another piece of info, my s3 bucket is in Ohio, took about 45 minutes for the DNS to propagate and not get the 307 from cloudfront. – rynop Oct 13 '17 at 21:14
  • Or 24 freakin hours for ap-southeast-2 (Sydney)! – Seba Illingworth Jul 20 '20 at 02:01
  • Had same error, found this and it worked, thanks! Also did a bit more googling and found this one that is pretty much spot on and official, should be mentioned here: https://aws.amazon.com/premiumsupport/knowledge-center/s3-http-307-response/ – Gomibushi Apr 08 '21 at 07:30
  • Although this seems to describe my situation exactly, the resolutions described here do not work for me. Both my S3 bucket and my REST endpoint are us-west-2. I am seeing a 307, followed by multiple 301's before the browser throws its hands up and says "I give up, too many redirects". – BogeyMan Aug 24 '23 at 15:47
  • Is it a problem to use the first (*non-global*) endpoint in general? `example-bucket.s3-eu-west-1.amazonaws.com` – DarkTrick Sep 01 '23 at 03:53
19

Just to clarify a bit more if it happens to you, there's a few choices:

  • Either wait up to 24h for the changes to propagate fully.

  • Change your bucket location to the us-east-1 region.

  • But the easiest is probably to switch your CloudFront origin domain name from <bucket>.s3.amazonaws.com to <bucket>.s3-<region>.amazonaws.com

Go to your Distribution settings -> Origins and Origin Groups and edit the current origin

For example, with a bucket named stackoverflow in the us-west-2 region, it would become

stackoverflow.s3-us-west-2.amazonaws.com
Preview
  • 35,317
  • 10
  • 92
  • 112
  • Changing the bucket location to include the region fixed things for me, many thanks! – badsyntax Dec 25 '20 at 19:01
  • 1
    Worked! IMPORTANT: Still needed to wait like 2 minutes and do cmd+shift+r to make sure Chrome doesn't cache the image request. Thanks. :) – Aidin Jan 06 '21 at 00:07
  • Not working for me. Getting 307, followed by multiple 301s. Both my bucket and CF origin are (and have always been) in us-west-2. – BogeyMan Aug 24 '23 at 00:06