AWS CloudFront access denied to S3 bucket

Question

I am trying to setup CloudFront to serve static files hosted in my S3 bucket. I have setup distribution but I get AccessDenied when trying

Answer 1

I also got 403 from CloudFront but my issue was a bit different so sharing it here as it might help others.

Make sure the Origin Access Id you've defined as part of the bucket policy is the right one:

{
    "Version": "2008-10-17",
    "Id": "PolicyForCloudFrontPrivateContent",
    "Statement": [
        {
            "Sid": "1",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity HERE_GOES_YOUR_ORIGIN_ACCESS_ID"
            },
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::deepen-frontend-prod/*"
        }
    ]
}

An Origin Access Identity Id roughly looks like E19F48VV5H01ZD.

You can find all of your origin access identities on https://console.aws.amazon.com/cloudfront/home#oai Look for the one you're using in your CloudFront config under Your Identities: