S3/Cloudfront Access Denied

So you finally listened the SEO guys who keep saying that the images on your website have to be fast and you decided to move them from your small cloud server to an AWS S3 bucket? You managed to create the bucket and even enabled Cloudfront on that bucket so that the images (or other files) are not only in one region of AWS but everywhere in the world (well, every edge node on AWSs Content Delivery Network). This will make sure that someone in Japan will see your site as fast as someone in Oregon, USA. You then uploaded the files and changed your website code to point, not to your local server files but to the cloudfront URL (or S3 bucket URL), but when the moment of truth comes… The images are not showing up and when you go directly to the link of the image you get a nasty XML saying Access Denied”.

The good news is that you are not the first person to go through this so the process of adding the permissions is straigh forward:

  1. Go to AWS S3 and click on your bucket

  2. Click on properties

  3. Click on Edit bucket policy

  4. Copy the following into the text box, replace examplebucket with your bucket name and you’re done

    { Version”:“2012-10-17”, Statement”:[ { Sid”:“AddPerm”, Effect”:“Allow”, Principal”: *“,”Action“:[“s3:GetObject”],”Resource”:[“arn:aws:s3:::examplebucket/*“] } ] }

What are we doing here exactly? We are allowing everyone in the world to be able to get objects from your S3 bucket. Don’t worry, no-one will have access to creating/deleting/changing your files, only to see all the files in that bucket (which should be the bucket with your publicly available web files anyway).