3

I am trying to use the Lambda@Edge functions from the article below on an already existing S3 bucket and its distribution:

https://aws.amazon.com/blogs/networking-and-content-delivery/resizing-images-with-amazon-cloudfront-lambdaedge-aws-cdn-blog/

I can reach images, but whenever I try to resize I get an "Access Denied" error.

The S3 bucket is publicly readable. In the bucket policy I gave put object and get object permissions to both the public and the IAM role the Lambda functions are using.

I have attached various Lambda policies to the IAM role of the functions, as you can see below:

AWSLambdaFullAccess, CloudFrontFullAccess, AdministratorAccess, AWSLambdaExecute, AWSLambdaBasicExecutionRole, AWSLambdaRole

The distribution's viewer protocol policy is HTTP and HTTPS, so the request type shouldn't be a problem. Can anyone help? I am going crazy :(

cansu.asci

1 Answer

0

I have followed the same article and had the same problem. For me, the query string was not being forwarded to the origin response function. The function just returns the original response (403, though I made the bucket public) when no query string is found. The article uses cache policy settings from the CloudFront configuration to forward the query string, which is now legacy (since the article was authored on 20 FEB 2018).

You can either configure query string forwarding with the same configuration via the now legacy cache policy or, preferably, use the new origin request policy, which lets you explicitly control the parameters sent. You can use the Managed-AllViewer policy to forward all headers, cookies & query string, or create your own policy to cater to your needs.

It's been a long time since the question was posted, but I hope it helps someone facing the issue because of the modified configuration.
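
A diagnostic sketch for the pass-through case described in the answer above, added here as an example and not taken from the article or from either poster. It classifies an origin-response event so the function's log shows whether the query string actually arrived. The `d=WIDTHxHEIGHT` parameter name, the function names and the sample events are assumptions made for illustration.

```javascript
// Added diagnostic sketch, not the article's function. Assumption: the
// requested size travels as a `d=WIDTHxHEIGHT` query parameter.

// Classify a CloudFront origin-response event: would a resize be attempted,
// or is the origin's response handed back untouched?
function diagnose(event) {
  const { request, response } = event.Records[0].cf;
  const status = String(response.status);

  // S3 reports a missing object as 403 (not 404) when the caller lacks
  // s3:ListBucket, so both are treated as "variant not generated yet".
  if (status !== '403' && status !== '404') {
    return { action: 'pass-through', reason: `origin returned ${status}` };
  }
  const d = new URLSearchParams(request.querystring || '').get('d');
  if (!d) {
    // The case from the answer: the query string never reached this trigger.
    return { action: 'pass-through',
             reason: 'no d parameter; check query string forwarding' };
  }
  const m = /^(\d{1,4})x(\d{1,4})$/.exec(d);
  if (!m) {
    return { action: 'pass-through', reason: 'd is not WIDTHxHEIGHT' };
  }
  return { action: 'resize', width: Number(m[1]), height: Number(m[2]) };
}

// Constructed sample event in the shape of a Lambda@Edge origin-response record.
function sampleEvent(status, querystring) {
  return { Records: [{ cf: {
    request: { uri: '/images/photo.jpg', querystring },
    response: { status, headers: {} },
  } }] };
}

// Hypothetical handler: log the branch taken, return the response unchanged.
function handler(event, context, callback) {
  console.log(JSON.stringify(diagnose(event)));
  callback(null, event.Records[0].cf.response);
}

console.log(diagnose(sampleEvent('403', '')));          // forwarding broken
console.log(diagnose(sampleEvent('403', 'd=200x200'))); // resize would run
```

If the first branch shows up in the logs for a URL that was requested with a query string, the distribution is not forwarding it to the origin-facing trigger.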