I have 2 AWS accounts, A and B.
I want to have a CloudFront in account A with a custom origin (working fine). Attached to CloudFront is a Lambda (on Origin Request) with logic to change the origin to an S3 origin pointing to a public S3 bucket (in account B) when a specific URL/path is encountered:
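
    // Switch to the S3 origin only for requests under /abc
    if (request.uri.startsWith('/abc')) {
        var s3Origin = {
            s3: {
                domainName: "S3_DOMAIN",
                region: "",
                authMethod: "none", // requests to S3 are sent unauthenticated
                path: "",
                customHeaders: {}
            }
        };
        // The Host header has to match the new origin's domain name
        request.headers['host'] = [{key: "Host", value: 'S3_DOMAIN'}];
        request.origin = s3Origin;
        request.uri = "/PATH/TO/HTML/PAGE/IN/S3" + "index.html";
    }
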
Everything works fine if the bucket is public. I want to make this S3 bucket non-public; how can I do so? For now I have tried attaching an origin access identity and an origin access control to the S3 origin of CloudFront in account A and modifying the policy of the S3 bucket in account B, but I still get "AccessDenied".