Cloudfront setup issues

Attempting to add cloud front to site but get the following error.

Unable to auto-configure Amazon CloudFront Distributions.
Error code: 403. Error Message: Unable to create Amazon CloudFront Origin Access Identity. Unable to create Amazon CloudFront Origin Access Identity. Forbidden

S3 seems to work it ok, it all goes wrong when I add the cloudfront element. The distributions are there and enabled, the origin access identity is there.

Any ideas, I have deleted everything several times but always end up back here.

The page where I am trying to do this is https://profitperclick.biz/linkedin-masterclass/

Cheers

John

Hi John.

Did you sign up for the CloudFront service? Please make sure that your AWS account is subscribed to CloudFront. See also: https://forums.aws.amazon.com/message.jspa?messageID=107972

Also please verify that your Access Key ID and your Secret Access Key are entered correctly in your s2Member settings for this integration.

Let me know how it goes.

Hi,

Yes, I have signed up for Cloudfront and installed the relevant keys correctly. I had Cloudfront running before for another website using this aws account. Billing is ok, no issues there.

I have been running around in circles with this for a week. Not sure what to do next.

John

Okay… Hmm…

Could I have a look at your settings? Maybe a screenshot of your s2’s AWS integration, and a screenshot of your AWS settings as well? Send me a private message for these.

Thanks

Thanks for the video!

Okay… I followed in my own test site what you did, and I was able to setup CF successfully:

I watched your video a couple more times, until something jumped at me:

Your Amazon Access Key (Access Key ID) seems too long in your configuration:

Here’s what mine looks like:

I know that you can access the files in the bucket and everything seems fine that far, but please verify that you have the correct Amazon Access Key (Access Key ID) in your integration.

If you needed to fix that, then please reset the CF integration in s2, save s2’s Download Options again, and then re-enter the CF credentials and save once more.

I look forward to your update.

Cristián,

Thanks for the feedback. I have noticed that before as well and have reinput the correct key but always end up back with the same error.

As things stand now there are two distributions created, one web and the other rtmp, the comments for both say they were created for s2Member and the S3 Bucket I created. The full comment is “Created by s2Member, for S3 Bucket: profitperclick-bucket.”

So it looks like the distributions get created, the Origin Access Identity is created as well and this also has the following comment attached to it “Created by s2Member, for S3 Bucket: profitperclick-bucket.” but I still
get the error message below.

Unable to auto-configure Amazon CloudFront Distributions.
Error code: . Error Message:

To make things a bit more confusing I have the code for streaming using RTMP protocol on the page of my website, you can see it on the page

That works on my pc , not on my mobile, if Cloudfare & Amazon s3 are not auto configuring why is this running at all.

Very confused

john

Hi,

As a quick followup , the one file I did not see created is the crossdomain.xml file in the bucket I created. Not sure if that makes any difference

John

Hi

Quick update , I seem to have fixed the problem, The error message disappeared when I changed the permissions on the bucket in S3. I made the Access for the bucket “objects can be public” instead of “objects are not public” .

Can I ask a quick followup message , the tutorials mention using the free self hosted jwplayer but that is not available now , what do you recommend to use as a player?

Thanks again for your help.

Cheers

John

I’m very glad you sorted it out! Thanks for the update with your solution.

There are some alternatives to try. https://alternativeto.net/software/jw-flv-player/

You’d generate the link to the protected file with s2File or the equivalent PHP code. WP Admin > s2Member > Download Protection > Shortcode Attributes & API Functions

Based on experience, instead of relying on any paid video player or s2’s video security just pay for Vimeo Pro and let them do everything for you.

For $20/mo you’ll get a constantly updated player, hosting, adaptive streaming (for mobile, etc.) and domain referrer security. So no crazy key generation or a possibly outdated player.

Their TOS says you need Pro or Business to host videos that generate revenue.

And they have an excellent JavaScript API if you ever want to hire a programmer to do things like not allow scrubbing ahead, and/or only allowing continues to the next page if the video was fully viewed.

I know this is resolved but I got the same error message and went to manually setup the S3 permission after googling and discovered it actually did setup correctly it just threw an exception due to communication I suspect.

After wait patiently for deployment to complete everything worked perfectly. AWS has changed a lot in the last year and I suspect a small change in how permissions are applied on their end is causing the 403.

Hi Kevin.

So you had a permissions problem, but it wasn’t because of the “objects are not public” setting John mentioned above? Did you keep having the problem and can you reproduce it, or happened once and now it’s fine so you can’t troubleshoot it?

I look forward to your update.

I can reproduce it all day long but it’s a false start. The 403 Forbidden was generated because of my S3 permissions.

The IAM user I created was given the AdministratorAccess permission but the bucket itself is setup default. So these setting were acceptable to just go to town with file protection. When I move on to setup CloudFront
I also receive the message.

Unable to auto-configure Amazon CloudFront Distributions.
Error code: 403. Error Message: Unable to create Amazon CloudFront Origin Access Identity. Unable to create Amazon CloudFront Origin Access Identity. Forbidden

When I google the 403 error I am told that it was the Bucket policy could not be written automatically but when I went to manually create the bucket policy it was a false report. The configuration was there but the API gave me a false positive. All I actually did was wait for CloudFront to finish deploying and everything worked as expected.

So even though s2member displayed an error it was a communication error not a deployment error if that makes sense. I suspect based on my results if I made the bucket public I would not be given the error.

That said it would be wonderful to have much cleaner instructions for the S3 permissions configuration, All documents I could find are old enough that it was not even close to apples to apples and if I reduced the permissions to what I considered the logical minimum but them I just got no love at all.