How can I make an S3 bucket return 404 (instead of 403) for a key that is not in the bucket?

I use S3 to store some business-critical documents. I want the bucket to return a 404 status code when trying to access an object that does not exist in the bucket.

However, I find that it keeps returning 403.

Here is an example session using the S3 website URL.

> GET /foobar.txt HTTP/1.1
> User-Agent: curl/7.21.6 (x86_64-pc-linux-gnu) libcurl/7.21.6 OpenSSL/1.0.0e zlib/1.2.3.4 libidn/1.22 librtmp/2.3
> Host: <bucketname>.s3-website-us-east-1.amazonaws.com
> Accept: */*
> 
< HTTP/1.1 403 Forbidden
< Last-Modified: Mon, 09 Sep 2013 19:10:28 GMT
< ETag: "14e13b81b3ce5b129d1f206b3e514885"
< x-amz-error-code: AccessDenied
< x-amz-error-message: Access Denied
< x-amz-request-id: <snip>
< x-amz-id-2: <snip>
< Content-Type: text/html
< Content-Length: 11
< Date: Thu, 26 Sep 2013 20:01:45 GMT
< Server: AmazonS3
< 
Not found!

Please note: the "Not found!" line comes from the error document set in the bucket properties when you enable S3 website hosting.

I also tried to access using the bucket address directly

Http: //.s3.amazonaws.com/

and it returns the same, except that instead of the error document I get an XML document.

How can I solve this?

+41

S3 403 404, .

404, , . , , , , , , S3 , , , 403 404, , . , , . , .

, , , 404 403.

+64

, -, , ListBucket , ARN - arn:aws:s3:::your_bucket_name.

, , GetObject, , ARN /* - .

{
  "Action": [
    "s3:ListBucket"
  ],
  "Sid": "StmtNNNNNNNNNNNNNNNwholebucket",
  "Resource": [
    "arn:aws:s3:::your_bucket_name"
  ],
  "Effect": "Allow"
},

, , ARN arn:aws:s3:::your_bucket_name/* ListBucket, 403 404.

+24

, Everyone View Permissions.

:

{
    "Version": "2008-10-17",
    "Statement": [
        {
            "Sid": "PublicReadGetObject",
            "Effect": "Allow",
            "Principal": {
                "AWS": "*"
            },
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::your_bucket_name/*"
        }
    ]
}
+6

:

 "Action": [
   "s3:Get*",
   "s3:List*"
 ],
 "Resource": [
   "arn:aws:s3:::bucket_name",
   "arn:aws:s3:::bucket_name/*"
 ],

bucket_name , 404 , 403, bucket_name/* .

+5

, . , 404. , .

AWS CloudFront provides a feature called Origin Access Identity (OAI). How this works is described in detail here.

In short, associate the OAI with your origin in CloudFront and update the bucket policy to allow the OAI s3:GetObject and s3:ListBucket, as shown:

{
  "Version": "2008-10-17",
  "Statement": [
    {
      "Sid": "AllowOAIRead",
      "Effect": "Allow",
      "Principal": {
        "AWS": [
          "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity your_OAI_ID"
        ]
      },
      "Action": [
        "s3:GetObject",
        "s3:ListBucket"
      ],
      "Resource": [
        "arn:aws:s3:::your_bucket_name/*",
        "arn:aws:s3:::your_bucket_name"
      ]
    }
  ]
}
0
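The answers above all turn on one detail: s3:ListBucket is a bucket-level action, so it has to be granted on the bucket ARN itself (not on the /* ARN), and whoever holds that grant gets 404 for a missing key while everyone else gets 403. The script below is an added example, not code from the question, any of the answers, or AWS: it audits a bucket policy document, reports which of these grants are present, predicts the status a non-existent key will get, and flags the trade-off that on the anonymous website endpoint a 404 only appears once ListBucket is public, which also lets anyone enumerate every key in the bucket. Assumptions: the bucket name example-bucket and the sample policies are constructed here in the shape of the ones posted above; only Allow statements are examined (Deny statements, Condition blocks, IAM identity policies and ACLs are not modelled).

```python
"""Added example: audit an S3 bucket policy for the ListBucket grant that
decides whether a missing key answers 403 or 404, and flag the exposure that
comes with granting it to everyone. Assumption: only Allow statements are
modelled; Deny, Condition, IAM identity policies and ACLs are ignored."""
import fnmatch

LIST_ACTION = "s3:ListBucket"  # bucket-level: only effective on the bucket ARN
GET_ACTION = "s3:GetObject"    # object-level: only effective on the /* ARN


def _as_list(value):
    """Action/Resource/Principal may be a string or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _action_matches(pattern, action):
    """IAM action names are case-insensitive and may carry '*' wildcards (s3:List*)."""
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def _is_public(principal):
    """True when the statement applies to everyone, anonymous requests included."""
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS"))


def audit_bucket_policy(policy, bucket):
    """Summarise the grants in `policy` that matter for bucket `bucket`."""
    bucket_arn = f"arn:aws:s3:::{bucket}"
    objects_arn = f"{bucket_arn}/*"
    report = {
        "list_on_bucket_arn": False,   # some principal may list: missing key -> 404 for it
        "list_on_objects_arn": False,  # ListBucket on /* only: a no-op, still 403
        "get_on_objects_arn": False,   # objects are readable at all
        "public_list": False,          # anyone can enumerate every key in the bucket
    }
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue  # assumption: Deny statements are not modelled
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))
        grants_list = any(_action_matches(a, LIST_ACTION) for a in actions)
        grants_get = any(_action_matches(a, GET_ACTION) for a in actions)
        if grants_list and bucket_arn in resources:
            report["list_on_bucket_arn"] = True
            if _is_public(stmt.get("Principal")):
                report["public_list"] = True
        elif grants_list and objects_arn in resources:
            report["list_on_objects_arn"] = True
        if grants_get and objects_arn in resources:
            report["get_on_objects_arn"] = True
    return report


def expected_status_for_missing_key(report, anonymous=True):
    """Status S3 returns for GET of a key that does not exist. The website
    endpoint is always anonymous, so there only a public ListBucket gives 404."""
    if anonymous:
        return 404 if report["public_list"] else 403
    return 404 if report["list_on_bucket_arn"] else 403


# Constructed sample policies (same shapes as the answers above, bucket name assumed).
BUCKET = "example-bucket"
PUBLIC_GET_ONLY = {"Version": "2008-10-17", "Statement": [{
    "Sid": "PublicReadGetObject", "Effect": "Allow", "Principal": {"AWS": "*"},
    "Action": "s3:GetObject", "Resource": f"arn:aws:s3:::{BUCKET}/*"}]}
PUBLIC_GET_AND_LIST = {"Version": "2008-10-17", "Statement": [{
    "Sid": "PublicReadAndList", "Effect": "Allow", "Principal": {"AWS": "*"},
    "Action": ["s3:Get*", "s3:List*"],
    "Resource": [f"arn:aws:s3:::{BUCKET}", f"arn:aws:s3:::{BUCKET}/*"]}]}
LIST_ON_WRONG_ARN = {"Version": "2008-10-17", "Statement": [{
    "Sid": "ListOnObjectsArn", "Effect": "Allow", "Principal": {"AWS": "*"},
    "Action": "s3:ListBucket", "Resource": f"arn:aws:s3:::{BUCKET}/*"}]}
OAI_ONLY = {"Version": "2008-10-17", "Statement": [{
    "Sid": "AllowOAIRead", "Effect": "Allow",
    "Principal": {"AWS": ["arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity PLACEHOLDER_OAI_ID"]},
    "Action": ["s3:GetObject", "s3:ListBucket"],
    "Resource": [f"arn:aws:s3:::{BUCKET}/*", f"arn:aws:s3:::{BUCKET}"]}]}

if __name__ == "__main__":
    for name, policy in [("public GET only", PUBLIC_GET_ONLY),
                         ("public GET + LIST", PUBLIC_GET_AND_LIST),
                         ("ListBucket on /* only", LIST_ON_WRONG_ARN),
                         ("OAI only", OAI_ONLY)]:
        r = audit_bucket_policy(policy, BUCKET)
        print(f"{name}: website (anonymous) missing key -> {expected_status_for_missing_key(r)}, "
              f"named principal -> {expected_status_for_missing_key(r, anonymous=False)}, "
              f"public listing: {r['public_list']}, ListBucket on /* only: {r['list_on_objects_arn']}")
```

Running it shows the four outcomes side by side: the public-GET-only policy (the usual website setup) stays at 403, the GET+LIST policy moves to 404 but is flagged for public enumeration, ListBucket on the /* ARN changes nothing, and the OAI policy gives 404 only to the OAI itself, so requests through CloudFront see the 404 while direct anonymous requests to the bucket still do not. That last shape is the one to prefer when the goal is a 404 for the site's own requests without letting the internet list the bucket.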

Source: https://habr.com/ru/post/1622416/
