5

I'm getting cloudfront endpoint redirecting to S3 with 307 Temporary Redirect. Is there a reason why this is happening?

I've tried creating website endpoint and changed the origin but no luck with same result.

Passionate Engineer
  • 10,034
  • 26
  • 96
  • 168
  • Perform a [cache invalidation](http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Invalidation.html) for `/*`. Wait for it to finish, and re-test. This is an S3 issue that resolves itself but will leave you with cached redirects. Please comment on whether the invalidation resolves the issue, or what you observe, now, and I will elaborate, further. – Michael - sqlbot Oct 02 '17 at 12:50

2 Answers2

10

The Temporary Request Redirection It's actually caused by the way S3 buckets behave when they are newly-created (thanks to @Michael-sqlbot) for clarifying this.

From the docs (Temporary Request Redirection)

Due to the distributed nature of Amazon S3, requests can be temporarily routed to the wrong facility. This is most likely to occur immediately after buckets are created or deleted. For example, if you create a new bucket and immediately make a request to the bucket, you might receive a temporary redirect, depending on the location constraint of the bucket.

nbari
  • 25,603
  • 10
  • 76
  • 131
  • Cloudfront distribution has been created for several hours now. How long will it take to propragate? – Passionate Engineer Oct 02 '17 at 06:54
  • if you just upload content, check that the content is publicly available, maybe only admin as read/write permissions – nbari Oct 02 '17 at 07:08
  • *"Is indeed a Temporary Redirect probably you just created your endpoint in CloudFront and once it fully deployed the 307 will go away."* This is not quite accurate. It is not the CloudFront configuration that causes this. It's actually caused by the way S3 buckets behave when they are newly-created. – Michael - sqlbot Oct 02 '17 at 12:47
  • hi @Michael-sqlbot you are right could I will update the answer – nbari Oct 02 '17 at 12:50
  • 1
    Here's a citation from the S3 docs: http://docs.aws.amazon.com/AmazonS3/latest/dev/Redirects.html#TemporaryRedirection. This redirection is what prevents CloudFront from behaving correctly on very new buckets. It doesn't impact buckets for web site hosting, if configured in CloudFront using the bucket's web site endpoint (i.e. typing the buckets web site endpoint address as origin host rather than selecting from the dropdown), but I suspect OP found no change because responses were already cached. – Michael - sqlbot Oct 02 '17 at 12:55
  • @Michael-sqlbot thanks I now get `AccessDenied` I've also made the object public not sure why I'm getting this now – Passionate Engineer Oct 02 '17 at 23:50
  • @PassionateDeveloper, set your [Error Caching Minimum TTLs to 0](https://stackoverflow.com/a/35541525/1695906) to aid in troubleshooting, wait for the distribution to revert back to `Deployed` status, then do one more invalidation. – Michael - sqlbot Oct 03 '17 at 01:37
  • @Michael-sqlbot I tried that with no luck. I do have an image at the root level of the bucket which is something like `123.jpg` I am not able to query it somehow and still get access denied for the requests like `xxxx.cloudfront.net` – Passionate Engineer Oct 03 '17 at 03:55
  • Can you share real links, @PassionateDeveloper? – Michael - sqlbot Oct 03 '17 at 09:47
6

Change your Origin Domain Name to bucketname.s3-region.amazonaws.com per the docs:

If you're using an Amazon CloudFront distribution with an Amazon S3 origin, CloudFront forwards requests to the default S3 endpoint (s3.amazonaws.com), which is in the us-east-1 Region. If you must access Amazon S3 within the first 24 hours of creating the bucket, you can change the Origin Domain Name of the distribution to include the regional endpoint of the bucket. For example, if the bucket is in us-west-2, you can change the Origin Domain Name from bucketname.s3.amazonaws.com to bucketname.s3-us-west-2.amazonaws.com.

webjay
  • 5,358
  • 9
  • 45
  • 62