You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
If you deploy this solution using the CloudFormation Template, it will create a new S3 bucket from scratch and configure it as CloudFront origin as speke-reference-server-keybucket-xxxxxxxxxx.s3.amazonaws.com.
Now, the issue here is that when you create an S3 bucket from scratch in a specific region, it becomes immediately available as bucketname.s3-region.amazonaws.com, however it takes up to 24h to become available as bucketname.s3.amazonaws.com. Until that happens, a requested to bucketname.s3.amazonaws.com will be redirected by Amazon S3 to bucketname.s3-region.amazonaws.com
The consequence on this solution is that, when a client tries to retrieve a the DRM key via CloudFront, he will receive the following redirect, which will then result in a 403 (unless public read is allowed)
The error will persist until all the S3 information propagates, and a request to bucketname.s3.amazonaws.com stops redirecting to the specific regional endpoint.
To solve this, one just has to configure the CloudFront S3 origin with the regional endpoint, e.g. speke-reference-server-keybucket-xxxxxxxxxx.s3-region.amazonaws.com. instead of speke-reference-server-keybucket-xxxxxxxxxx.s3.amazonaws.com.
Hope this helps
The text was updated successfully, but these errors were encountered:
Dear All.
If you deploy this solution using the CloudFormation Template, it will create a new S3 bucket from scratch and configure it as CloudFront origin as speke-reference-server-keybucket-xxxxxxxxxx.s3.amazonaws.com.
Now, the issue here is that when you create an S3 bucket from scratch in a specific region, it becomes immediately available as bucketname.s3-region.amazonaws.com, however it takes up to 24h to become available as bucketname.s3.amazonaws.com. Until that happens, a requested to bucketname.s3.amazonaws.com will be redirected by Amazon S3 to bucketname.s3-region.amazonaws.com
The consequence on this solution is that, when a client tries to retrieve a the DRM key via CloudFront, he will receive the following redirect, which will then result in a 403 (unless public read is allowed)
< HTTP/1.1 307 Temporary Redirect
< Content-Type: application/xml
< Transfer-Encoding: chunked
< Connection: keep-alive
< x-amz-bucket-region: region
< Location: https://speke-reference-server-keybucket-xxxxxxxx.s3-region.amazonaws.com/3d4cc049-5a69-4a39-ae5b-a18a3afea187/6a2f99e4-60a3-4c4b-b7f0-ebe8fb60ceb0
< Date: Fri, 31 Dec 2021 05:39:19 GMT
< Server: AmazonS3
< X-Cache: Miss from cloudfront
< Via: 1.1 18973cd357a68e16bd20873be51e8596.cloudfront.net (CloudFront)
< X-Amz-Cf-Pop: SYD62-P1
< X-Amz-Cf-Id: MPHg_smPSH6NMdO9kvKg6sgTMG2fLhaV6XWQhISfpOlevjXSzNF4NQ==
The error will persist until all the S3 information propagates, and a request to bucketname.s3.amazonaws.com stops redirecting to the specific regional endpoint.
To solve this, one just has to configure the CloudFront S3 origin with the regional endpoint, e.g. speke-reference-server-keybucket-xxxxxxxxxx.s3-region.amazonaws.com. instead of speke-reference-server-keybucket-xxxxxxxxxx.s3.amazonaws.com.
Hope this helps
The text was updated successfully, but these errors were encountered: