Can't access through S3 to files updated through CloudFront

Question

I was using Cloud-Front to access files in my S3 bucket and update the files. I disable Cloud-Front now, however i cannot access those files directly through S3 now.

<

Answer 1

An alternative to Waylon Flinn's answer is to add / overwrite the x-amz-acl header in a Lambda@Edge function. Something along these lines in nodejs:

exports.handler = (event, context, callback) => {
    const { request } = event.Records[0].cf;
    const { headers } = request;
    headers['x-amz-acl'] = [{key: 'x-amz-acl', value: 'bucket-owner-full-control'}];    
    callback(null, request);
};

The advantage is that you no longer need that policy Waylon writes in his answer since you always set the x-amz-acl header yourself in your own trusted environment. The downside is that Lambda@Edge comes with its own complexity, quirks, and extra costs. It is up to you to decide which approach is better for your use case.

Lambda@Edge was not available at all when Waylon wrote his answer back in 2016. It became generally available on Jul 17, 2017 (almost an year later): Lambda@Edge now Generally Available.