Using S3 presigned url from CloudFront

[aldy120]

I try to access CloudFront by using S3 presigned url format. e.g., http://d3cpkzzxx5hfjb.cloudfront.net/jdhfalkwejfhalwekjfhaw/Sabrva.zip?AWSAccessKeyId=AKIAJMQJIRI6AYFKCXTA&Expires=1565932789&Signature=IhROayuoZOEq6iMWaYg%2BJ1oPfPM%3D.

Error messages

<Error>
<Code>InvalidArgument</Code>
<Message>
Only one auth mechanism allowed; only the X-Amz-Algorithm query parameter, Signature query string parameter or the Authorization header should be specified
</Message>
<ArgumentName>Authorization</ArgumentName>
<ArgumentValue>
AWS4-HMAC-SHA256 Credential=AKIAJ6GERVB2PHI4WAZQ/20190811/ap-northeast-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=e02bea4bdc6fb29f7a3b8d44d2eae9c2811ef0bc1607b6c1f6d9e7a390d84694
</ArgumentValue>
<RequestId>8F944F84FC8110D6</RequestId>
<HostId>
qjtLKCLpc/aMl9GfjsAVB30/TeiRW4FsezyJ2KrEhJ24WUZbJR+TqhdZuhbMRMSHnTF2dCD+IpA=
</HostId>
</Error>

or

<Error>
<Code>AccessDenied</Code>
<Message>Access Denied</Message>
<RequestId>1E75A91CCD22E0C9</RequestId>
<HostId>
QJLR5QgX9BlQhLH8k0sZzmOY6ZdRdRQDfdsaS/sU5vHjfWU1lfwtc/XEsfl5VDeWFvWs1yJh8tY=
</HostId>
</Error>

To solve it

• Forward all query string. (CloudFront does not forward query strings by default).
• Disable origin access identity (S3 only allow one auth mechanism at the same time).

[aldy120]

aldy120/cloudfront-note#19