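- Confirm that the permissions on the files in the S3 bucket are set correctly; for example, make sure the files have public read permission.
- Check the S3 and CloudFront configuration and make sure the S3 bucket and the CloudFront distribution use the same region.
- Confirm that the DNS record in Route 53 that points to CloudFront is set correctly; for example, check whether the name resolver contains an incorrect entry.
- Check that the security policy and certificate of the CloudFront distribution are set correctly; for example, make sure the certificate is a valid one that matches the domain and its subdomains.

The following sample code can be used as a configuration file for creating the CloudFront distribution and the S3 bucket: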
```yaml
Resources:
  # Bucket that holds the site content
  S3Bucket:
    Type: AWS::S3::Bucket
    Properties:
      AccessControl: PublicRead
  # Origin access identity referenced by the S3 origin below
  CloudFrontOAI:
    Type: AWS::CloudFront::CloudFrontOriginAccessIdentity
    Properties:
      CloudFrontOriginAccessIdentityConfig:
        Comment: Origin access identity for S3Bucket
  CloudFrontDistribution:
    Type: AWS::CloudFront::Distribution
    Properties:
      DistributionConfig:
        Origins:
          - DomainName: !GetAtt S3Bucket.DomainName
            Id: S3BucketOrigin
            S3OriginConfig:
              OriginAccessIdentity: !Sub "origin-access-identity/cloudfront/${CloudFrontOAI}"
        Enabled: true
        DefaultCacheBehavior:
          TargetOriginId: S3BucketOrigin
          # Redirect plain HTTP viewers to HTTPS
          ViewerProtocolPolicy: redirect-to-https
          ForwardedValues:
            QueryString: false
        DefaultRootObject: index.html
        PriceClass: PriceClass_All
        ViewerCertificate:
          # ACM certificates used by CloudFront must be issued in us-east-1
          AcmCertificateArn: arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012
          SslSupportMethod: sni-only
  # Alias record that points the domain at the distribution
  Route53RecordSet:
    Type: AWS::Route53::RecordSet
    Properties:
      AliasTarget:
        DNSName: !GetAtt CloudFrontDistribution.DomainName
        EvaluateTargetHealth: false
        HostedZoneId: Z2FDTNDATAQ
```
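
A tighter variant of the bucket part of the template, as an added example rather than code from the original page: because the distribution reaches the bucket through an origin access identity, the bucket can stay private and grant read access to that identity only. `S3Bucket` and `CloudFrontOAI` are the names the template uses; the `S3BucketPolicy` resource name and the `Sid` value are assumptions.

```yaml
Resources:
  # Private bucket: no public ACL, and public ACLs/policies are blocked
  S3Bucket:
    Type: AWS::S3::Bucket
    Properties:
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true
  # Identity CloudFront presents to S3 when fetching objects
  CloudFrontOAI:
    Type: AWS::CloudFront::CloudFrontOriginAccessIdentity
    Properties:
      CloudFrontOriginAccessIdentityConfig:
        Comment: Origin access identity for S3Bucket
  # Assumed resource name: grants object reads to the OAI and nobody else
  S3BucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref S3Bucket
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Sid: AllowCloudFrontOAIRead   # assumed statement id
            Effect: Allow
            Principal:
              CanonicalUser: !GetAtt CloudFrontOAI.S3CanonicalUserId
            Action: s3:GetObject
            Resource: !Sub "${S3Bucket.Arn}/*"
```

With this in place, a request sent straight to the bucket endpoint is denied while the same object served through the distribution succeeds, which is a quick way to confirm the origin is no longer publicly readable.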