
All.

I am trying to implement a CloudFront custom S3 origin with index.html in a KMS encrypted bucket with a Lambda@Edge function that intercepts (triggered on get origin request), reads the AWS SigV4 and writes the appropriate signature to the headers of the request, making it possible for CFD to deliver content from an encrypted S3 bucket. I am following the instructions in a blog post from AWS (https://aws.amazon.com/blogs/networking-and-content-delivery/serving-sse-kms-encrypted-content-from-s3-using-cloudfront/). I have tried multiple times and followed the instructions to the letter, but I get this error message once the Lambda intercepts the request.

The file size is under the 1MB limit. I even added extra permissions to the KMS policy for lambda and edgelambda, which don't appear to be needed, just in case. I found some other posts of the identical question a few months ago, but no one answered.

Thanks for any guidance!

<ListBucketResult xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<Name>dshaw-demo-cfd-kms-s3bucket</Name>
<Prefix/>
<Marker/>
<MaxKeys>1000</MaxKeys>
<IsTruncated>false</IsTruncated>
<Contents>
<Key>index.html</Key>
<LastModified>2021-09-07T15:08:59.000Z</LastModified>
<ETag>"115e51178681629ec91d95062927264e"</ETag>
<Size>214</Size>
<Owner>
<ID>5f501fd3f58dddb6ddcbc5221715faf55e4fa3153032e5a351f56a2d695a3000</ID>
<DisplayName>RemovedDisplayNameForConfidentialityReasons</DisplayName>
</Owner>
<StorageClass>STANDARD</StorageClass>
</Contents>
</ListBucketResult>
  • Maybe I'm missing something, but what is the error you see? – LRutten Sep 07 '21 at 15:43
  • doh! sorry, it was above the content above. it's "This XML file does not appear to have any style information associated with it. The document tree is shown below." – Donne Shaw Sep 07 '21 at 16:08
  • I'll add that the object opens just fine from the S3 bucket in the console. The object appears fine, but then again, I don't know what I am doing wrong, so willing to try anything other than making it public. That's the whole point of the KMS encryption via custom S3 origin. – Donne Shaw Sep 07 '21 at 16:10
  • Oof, I'm afraid I don't have too much experience with this error. I guess you've already tried setting the default index document? https://stackoverflow.com/questions/50892335/listbucketresult-xml-trying-to-show-home-page-of-site-in-s3-thorugh-cloudfront. The interesting part is that it doesn't give a 403 but just a list of objects in the bucket. – LRutten Sep 07 '21 at 16:17
  • Yes, I have, but that's also part of the config if you don't set that. You leave the field blank intentionally, but just for kicks, I did try it with that field configured. I didn't mention, but I did include the Cache-Content no-store directive, as well. – Donne Shaw Sep 07 '21 at 16:21
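
As an added example (not code from the AWS blog post or from the question), this is a Node.js SigV4 header signer of the kind an origin-request function uses for an S3 GET without a query string. A signed `GET /` on a bucket is S3's list operation and returns `ListBucketResult`, so the code maps directory-style URIs to `index.html` before signing; `objectPath`, `canonicalUri`, `signS3Get`, the `creds` shape and the index mapping are assumptions.

```javascript
// Added example: SigV4 header signing for an S3 GET (no query string).
const crypto = require('crypto');

const EMPTY_SHA256 = crypto.createHash('sha256').update('').digest('hex');
const hmac = (key, data) => crypto.createHmac('sha256', key).update(data).digest();

// Assumption: directory-style URIs are mapped to index.html before signing,
// because a signed GET on "/" is a bucket listing, not an object read.
function objectPath(uri) {
  return uri.endsWith('/') ? uri + 'index.html' : uri;
}

// S3 canonical URI: percent-encode each path segment, keep "/" separators.
// Assumption: uri arrives without percent-escapes of its own.
function canonicalUri(path) {
  return path.split('/').map(seg => encodeURIComponent(seg)
    .replace(/[!'()*]/g, c => '%' + c.charCodeAt(0).toString(16).toUpperCase())).join('/');
}

// Returns the headers to set on the origin request.
// creds = { accessKeyId, secretAccessKey, sessionToken? } (hypothetical shape).
function signS3Get(uri, host, region, creds, now = new Date()) {
  const amzDate = now.toISOString().replace(/[-:]|\.\d{3}/g, '');
  const scope = `${amzDate.slice(0, 8)}/${region}/s3/aws4_request`;
  const headers = { host, 'x-amz-content-sha256': EMPTY_SHA256, 'x-amz-date': amzDate };
  if (creds.sessionToken) headers['x-amz-security-token'] = creds.sessionToken;
  const names = Object.keys(headers).sort();
  const canonicalRequest = [
    'GET', canonicalUri(objectPath(uri)), '',      // method, path, empty query string
    ...names.map(n => `${n}:${headers[n]}`), '',   // canonical headers block
    names.join(';'), EMPTY_SHA256,                 // signed header names, payload hash
  ].join('\n');
  const stringToSign = ['AWS4-HMAC-SHA256', amzDate, scope,
    crypto.createHash('sha256').update(canonicalRequest).digest('hex')].join('\n');
  // Key derivation chain: date -> region -> service -> "aws4_request".
  const signingKey = scope.split('/').reduce(hmac, 'AWS4' + creds.secretAccessKey);
  const signature = hmac(signingKey, stringToSign).toString('hex');
  headers.authorization = `AWS4-HMAC-SHA256 Credential=${creds.accessKeyId}/${scope},` +
    `SignedHeaders=${names.join(';')},Signature=${signature}`;
  return headers;
}
```

The listing in the question also shows that the signing credentials are allowed `s3:ListBucket`; serving objects needs only `s3:GetObject` on the bucket plus `kms:Decrypt` on the key.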
