I am building an on-the-fly image optimizer using CloudFront, S3, API Gateway, and Lambda, but right now I am still in the process of getting my CloudFront origin to fall back to my S3 custom error path.

Here's the flow I'm looking for:

  1. Request image from CloudFront
  2. Not There/Doesn't Exist? Check S3 origin.
  3. Not There/Doesn't Exist? Redirect to hellowrld.html
  4. Do whatever (the goal here, or even step three, is for the redirect to trigger a Lambda, which resizes the image and returns it back down the line to S3, CF, and the browser)

If I try to access an object that doesn't exist through CloudFront, it correctly follows the origin provided, but if the object doesn't exist in S3, I am given the classic Access Denied XML response as shown below. My bucket definitely has the correct write permissions, and has public read access (for the moment).

[Screenshot: Access Denied XML response]

Here are my CF Origins/Behaviors. Originally I just had the default origin and one default behavior, which is really all I need; in my fiddling around I added a top level and a deep resizer/* level.

[Screenshots: CloudFront origins and behaviors]

And here is my S3 Static Website Hosting section and redirection rules.

[Screenshot: S3 static website hosting settings and redirection rules]

I feel like I shouldn't even need the redirection rules because on error it should redirect to hellowrld.html (not a typo), which is just a fairly blank test HTML page currently.

Any help would be greatly appreciated! I know this otf image resizer is a very common use case for firing a Lambda upon not finding an object, but I can't find any examples where they put CloudFront in front of S3 in front of API Gateway/Lambda.

Dan
  • I am inclined to mark this as a duplicate of [CloudFront + S3 Website: "The specified key does not exist" when an implicit index document should be displayed](https://stackoverflow.com/q/34060394/1695906) because the symptoms are different, but the problem and solution are exactly the same -- CloudFront needs to have the S3 website endpoint (the hostname in the URL at the top of your screen shot) configured as the Origin Domain Name, rather than the REST endpoint of the bucket, which is what you get if you select the bucket from the list of buckets. The REST endpoints don't support redirects. – Michael - sqlbot Apr 05 '18 at 01:42

1 Answer

It seems like you have added the wrong HTTP error codes in the above redirection rule. It should be 403 and 307. I have added a full redirection rule which you can use:

```xml
<RoutingRules>
  <RoutingRule>
    <Condition>
      <KeyPrefixEquals/>
      <HttpErrorCodeReturnedEquals>404</HttpErrorCodeReturnedEquals>
    </Condition>
    <Redirect>
      <Protocol>https</Protocol>
      <HostName>your_api_gateway_url</HostName>
      <ReplaceKeyPrefixWith>prefix_name?key=</ReplaceKeyPrefixWith>
      <HttpRedirectCode>307</HttpRedirectCode>
    </Redirect>
  </RoutingRule>
</RoutingRules>
```
Cory Robinson
Ankit Uniyal
  • Testing 404 is incorrect, unless you have allowed public List Objects requests of your bucket, which is not generally a good practice. The correct code is 403. The problem here is something different -- CloudFront is not configured to send the requests to the web site endpoint. – Michael - sqlbot Apr 06 '18 at 00:51
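
A check for the two misconfigurations the comments above point out (a bucket REST endpoint used as the CloudFront origin, and a routing rule keyed on 404), as an added example that is not code from the post or from AWS. The origin list mirrors `Origins.Items` from `aws cloudfront get-distribution-config`; the bucket name, origin IDs, function names and sample rule are constructed for illustration, and only `*.amazonaws.com` hostnames are recognised.

```python
import re
import xml.etree.ElementTree as ET

# bucket.s3-website-<region>.amazonaws.com or bucket.s3-website.<region>.amazonaws.com
WEBSITE_RE = re.compile(r"\.s3-website[.-][a-z0-9-]+\.amazonaws\.com$")
# bucket.s3.amazonaws.com, bucket.s3.<region>.amazonaws.com, bucket.s3-<region>.amazonaws.com
REST_RE = re.compile(r"\.s3([.-][a-z0-9-]+)*\.amazonaws\.com$")

# Constructed sample input (not taken from the question's screenshots).
SAMPLE_ORIGINS = [
    {"Id": "S3-example-bucket", "DomainName": "example-bucket.s3.amazonaws.com"},
    {"Id": "website", "DomainName": "example-bucket.s3-website-us-east-1.amazonaws.com"},
]
SAMPLE_RULES = """<RoutingRules><RoutingRule><Condition>
<HttpErrorCodeReturnedEquals>404</HttpErrorCodeReturnedEquals>
</Condition><Redirect><HttpRedirectCode>307</HttpRedirectCode></Redirect>
</RoutingRule></RoutingRules>"""


def classify_s3_origin(domain):
    """Return 'website', 'rest' or 'other' for a CloudFront origin domain name."""
    d = domain.lower().rstrip(".")
    if WEBSITE_RE.search(d):      # must be tested first: REST_RE also matches it
        return "website"
    if REST_RE.search(d):
        return "rest"
    return "other"


def audit(origins, routing_rules_xml):
    """Return (where, problem) tuples for origins and S3 website routing rules."""
    findings = []
    for origin in origins:
        if classify_s3_origin(origin["DomainName"]) == "rest":
            findings.append((origin["Id"],
                             "REST endpoint: routing rules and error document are ignored"))
    rules = ET.fromstring(routing_rules_xml).iter("RoutingRule")
    for n, rule in enumerate(rules, 1):
        code = (rule.findtext("Condition/HttpErrorCodeReturnedEquals") or "").strip()
        if code == "404":
            findings.append((f"rule {n}",
                             "matches 404; without public ListBucket a missing key is 403"))
    return findings


if __name__ == "__main__":
    for where, problem in audit(SAMPLE_ORIGINS, SAMPLE_RULES):
        print(f"{where}: {problem}")
```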