CloudFront
Relevant Links:
- HTTP request headers and CloudFront behavior (custom and Amazon S3 origins)
- Controlling Cache Key
- Forward authorization headers
- Cache Based on Selected Request Headers
- Caching content based on Request Headers
- https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/understanding-response-headers-policies.html
- https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/adding-response-headers.html
- CloudFront delay - errors
- Header Caching
- Configuring CloudFront to respect CORS settings
Headers
Authorization
- GET and HEAD requests – CloudFront removes the Authorization header field before forwarding the request to your origin.
- OPTIONS requests – CloudFront removes the Authorization header field before forwarding the request to your origin if you configure CloudFront to cache responses to OPTIONS requests. CloudFront forwards the Authorization header field to your origin if you do not configure CloudFront to cache responses to OPTIONS requests.
- DELETE, PATCH, POST, and PUT requests – CloudFront does not remove the header field before forwarding the request to your origin.
Query String Forwarding and Caching
CloudFront can cache different versions of your content based on the values of query string parameters. Choose one of the following options:
- None (Improves Caching): Choose this option if your origin returns the same version of an object regardless of the values of query string parameters. This increases the likelihood that CloudFront can serve a request from the cache, which improves performance and reduces the load on your origin.
- Forward all, cache based on whitelist: Choose this option if your origin server returns different versions of your objects based on one or more query string parameters. Then specify the parameters that you want CloudFront to use as a basis for caching in the Query String Whitelist field.
- Forward all, cache based on all: Choose this option if your origin server returns different versions of your objects for all query string parameters.
403 errors
- If a viewer GET request includes a body, CloudFront returns an HTTP status code 403 (Forbidden) to the viewer.
403: This distribution is not configured to allow the HTTP request method that was used for this request.
This error tells you exactly what the issue is. Here is what it looks like:
According to this error, the path we are making the API request to doesn't allow the HTTP method being used (e.g. PUT, POST, DELETE).
So let's check the exact path we are hitting:
Request URL: https://chaineapp.com/v1/accounts
Now let's check in CloudFront:
Notice that in CloudFront we have set a rule for /v1/accounts/*, so when we hit /v1/accounts it doesn't match /v1/accounts/*; instead it goes to a behavior lower on the list or to the default behavior.
In our case for this error, this was going to the default behavior, which DOESN'T have the PUT method enabled.
So the fix is simple: change /v1/accounts/* to /v1/accounts*
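How the behavior list above is evaluated, as an added example that is not part of the original notes and not AWS code: a small model of CloudFront's first-match path-pattern rule (* matches zero or more characters, ? exactly one). The behavior lists, the /v1/accounts-export path and the AFTER_EXACT alternative are constructed for illustration.

```python
import re

READ_ONLY = {"GET", "HEAD"}
ALL_METHODS = {"GET", "HEAD", "OPTIONS", "PUT", "POST", "PATCH", "DELETE"}

# Constructed behavior lists in evaluation order; the default (*) is always last.
BEFORE = [("/v1/accounts/*", ALL_METHODS), ("*", READ_ONLY)]
AFTER_WIDE = [("/v1/accounts*", ALL_METHODS), ("*", READ_ONLY)]
# Assumed alternative (not from the page): one exact behavior plus the subtree.
AFTER_EXACT = [("/v1/accounts", ALL_METHODS),
               ("/v1/accounts/*", ALL_METHODS), ("*", READ_ONLY)]


def pattern_to_regex(pattern):
    """CloudFront path pattern: * = zero or more chars, ? = exactly one char."""
    if pattern != "*" and not pattern.startswith("/"):
        pattern = "/" + pattern  # the leading slash is optional in a pattern
    parts = [".*" if c == "*" else "." if c == "?" else re.escape(c)
             for c in pattern]
    return re.compile("".join(parts), re.DOTALL)  # case-sensitive, like CloudFront


def check(behaviors, method, path):
    """Return (pattern of the first matching behavior, whether method is allowed)."""
    for pattern, methods in behaviors:
        if pattern_to_regex(pattern).fullmatch(path):
            return pattern, method in methods
    raise LookupError("no default (*) behavior in the list")


if __name__ == "__main__":
    # Constructed request paths; /v1/accounts-export is a hypothetical sibling route.
    for name, behaviors in [("before", BEFORE), ("wide", AFTER_WIDE),
                            ("exact", AFTER_EXACT)]:
        for path in ["/v1/accounts", "/v1/accounts/42", "/v1/accounts-export"]:
            pattern, allowed = check(behaviors, "PUT", path)
            verdict = "forwarded" if allowed else "403"
            print(f"{name:6} PUT {path:20} -> {pattern:15} {verdict}")
```

Note that /v1/accounts* also sends any sibling path starting with /v1/accounts to the write-enabled behavior, so the two-behavior variant keeps PUT limited to the intended routes.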