I’m having trouble with my CloudFront setup. It’s working fine for files I put in S3 through the AWS console, but not for the images my Go backend uploads. Here’s what’s happening:
- My CloudFront distribution is active and linked to S3
- I can successfully access files uploaded manually through the AWS console
- My Go backend successfully uploads files to S3
- However, trying to view these files results in an ‘access denied’ error
I’ve checked the ACL settings, and they seem to match, and the paths are correct as well. Below is the code snippet I use for uploading:
```go
result, err := s3Client.PutObject(&s3.PutObjectInput{
	Bucket:      aws.String(myBucket),
	Key:         aws.String(imageKey),
	Body:        imageFile,
	ContentType: aws.String("image/jpeg"),
})
```
Any suggestions on what might be causing this issue? Is there a discrepancy in how CloudFront handles files uploaded via the console versus those uploaded from an EC2 backend using a role? What additional aspects should I investigate?
hey mate, sounds like a tricky one. have u checked the bucket policy? sometimes it can be finicky with permissions. also, make sure ur backend has the right IAM roles to put objects in S3. double-check the CloudFront origin access identity too. good luck!
hmmm, interesting problem! have u considered checking the metadata of the uploaded files? sometimes the content-type or other headers can cause issues. also, maybe try uploading a test file directly from ur EC2 instance using the AWS CLI to see if it’s a code-specific problem? just brainstorming here. what else have u tried so far?
This issue often stems from a mismatch between the object’s ACL and CloudFront’s expectations. When uploading via the backend, ensure you’re setting the appropriate ACL on the objects. Try modifying your upload code to explicitly set the ACL to ‘bucket-owner-full-control’:
```go
result, err := s3Client.PutObject(&s3.PutObjectInput{
	Bucket:      aws.String(myBucket),
	Key:         aws.String(imageKey),
	Body:        imageFile,
	ContentType: aws.String("image/jpeg"),
	ACL:         aws.String("bucket-owner-full-control"),
})
```
Additionally, verify that your CloudFront distribution is using Origin Access Identity (OAI) and that the S3 bucket policy grants the OAI the necessary permissions. This approach ensures consistency between console uploads and backend uploads.
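One way to run the bucket-policy check suggested above offline, added here as an example and not code from any poster in this thread: it parses a bucket policy document and reports whether an Allow statement gives the OAI `s3:GetObject` on the exact key the backend writes, so a grant that covers only another prefix shows up immediately. The function names, the OAI ID `E2EXAMPLE`, the bucket name and the key prefixes are constructed placeholders, and the policy is assumed to name the OAI in the `{"AWS": "arn:..."}` principal form.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Constructed sample policy: the OAI (placeholder ID E2EXAMPLE) may read only static/*.
const samplePolicy = `{"Statement":[{"Effect":"Allow","Action":["s3:GetObject"],"Resource":"arn:aws:s3:::example-bucket/static/*",
  "Principal":{"AWS":"arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity E2EXAMPLE"}}]}`

// matchAny takes a string-or-array policy field; a pattern matches exactly or by a trailing "*".
func matchAny(field interface{}, v string) bool {
	items, ok := field.([]interface{})
	if !ok {
		items = []interface{}{field}
	}
	for _, it := range items {
		p, _ := it.(string)
		if p == v || (strings.HasSuffix(p, "*") && strings.HasPrefix(v, strings.TrimSuffix(p, "*"))) {
			return true
		}
	}
	return false
}

// oaiCanRead: does an Allow statement let the OAI GetObject bucket/key? Deny and Condition are ignored.
func oaiCanRead(policy, oaiID, bucket, key string) (bool, error) {
	var doc struct {
		Statement []struct {
			Effect           string
			Principal        struct{ AWS interface{} }
			Action, Resource interface{}
		}
	}
	if err := json.Unmarshal([]byte(policy), &doc); err != nil {
		return false, err
	}
	who := "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity " + oaiID
	for _, st := range doc.Statement {
		if st.Effect == "Allow" && matchAny(st.Principal.AWS, who) &&
			matchAny(st.Action, "s3:GetObject") && matchAny(st.Resource, "arn:aws:s3:::"+bucket+"/"+key) {
			return true, nil
		}
	}
	return false, nil
}

func main() { fmt.Println(oaiCanRead(samplePolicy, "E2EXAMPLE", "example-bucket", "uploads/a.jpg")) }
```

Feed it the policy JSON exported from the bucket and one key uploaded through the console plus one uploaded by the backend; a `false` for only the backend key points at the policy's `Resource` scope and not at the upload code.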