Issue with S3 bucket created via CloudFormation Template #64

@GoncaloBorges

Dear All.

  • If you deploy this solution using the CloudFormation Template, it will create a new S3 bucket from scratch and configure it as CloudFront origin as speke-reference-server-keybucket-xxxxxxxxxx.s3.amazonaws.com.

  • Now, the issue here is that when you create an S3 bucket from scratch in a specific region, it becomes immediately available as bucketname.s3-region.amazonaws.com; however, it takes up to 24h to become available as bucketname.s3.amazonaws.com. Until that happens, a request to bucketname.s3.amazonaws.com will be redirected by Amazon S3 to bucketname.s3-region.amazonaws.com.

  • The consequence for this solution is that, when a client tries to retrieve the DRM key via CloudFront, he will receive the following redirect, which will then result in a 403 (unless public read is allowed):

< HTTP/1.1 307 Temporary Redirect
< Content-Type: application/xml
< Transfer-Encoding: chunked
< Connection: keep-alive
< x-amz-bucket-region: region
< Location: https://speke-reference-server-keybucket-xxxxxxxx.s3-region.amazonaws.com/3d4cc049-5a69-4a39-ae5b-a18a3afea187/6a2f99e4-60a3-4c4b-b7f0-ebe8fb60ceb0
< Date: Fri, 31 Dec 2021 05:39:19 GMT
< Server: AmazonS3
< X-Cache: Miss from cloudfront
< Via: 1.1 18973cd357a68e16bd20873be51e8596.cloudfront.net (CloudFront)
< X-Amz-Cf-Pop: SYD62-P1
< X-Amz-Cf-Id: MPHg_smPSH6NMdO9kvKg6sgTMG2fLhaV6XWQhISfpOlevjXSzNF4NQ==

  • The error will persist until all the S3 information propagates, and a request to bucketname.s3.amazonaws.com stops redirecting to the specific regional endpoint.

  • To solve this, one just has to configure the CloudFront S3 origin with the regional endpoint, e.g. speke-reference-server-keybucket-xxxxxxxxxx.s3-region.amazonaws.com instead of speke-reference-server-keybucket-xxxxxxxxxx.s3.amazonaws.com.

Hope this helps
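
The check described in the issue above, as an added example that is not part of the original post or the project's code: it reads a `curl -v` style response, recognises the S3 regional redirect served through CloudFront, and derives the regional origin hostname to configure. The sample response, the bucket name `example-keybucket-0000`, the region `eu-west-1` and all function names are constructed for illustration; the `s3-<region>` hostname form follows the issue text.

```python
import re

# Constructed sample: curl -v style headers modelled on the redirect quoted
# in the issue; bucket name, region and object path are placeholders.
SAMPLE_RESPONSE = """\
< HTTP/1.1 307 Temporary Redirect
< Content-Type: application/xml
< x-amz-bucket-region: eu-west-1
< Location: https://example-keybucket-0000.s3-eu-west-1.amazonaws.com/content-id/key-id
< Server: AmazonS3
< X-Cache: Miss from cloudfront
"""

# Matches only the global endpoint form, never a regional hostname.
GLOBAL_S3 = re.compile(r"^(?P<bucket>[a-z0-9.-]+)\.s3\.amazonaws\.com$")


def parse_response(text):
    """Return (status_code, headers) from curl -v style '< ' prefixed lines."""
    lines = [l[2:].strip() for l in text.splitlines() if l.startswith("< ")]
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers


def is_s3_region_redirect(status, headers):
    """True when S3 answered through CloudFront with a regional redirect."""
    return (status == 307
            and headers.get("server") == "AmazonS3"
            and "x-amz-bucket-region" in headers)


def regional_origin(origin_domain, region):
    """Rewrite a global S3 origin to the regional form; others pass through."""
    m = GLOBAL_S3.match(origin_domain)
    if not m:
        return origin_domain
    return f"{m.group('bucket')}.s3-{region}.amazonaws.com"


def suggest_origin(response_text, origin_domain):
    """Return the regional origin to configure, or None if no redirect seen."""
    status, headers = parse_response(response_text)
    if not is_s3_region_redirect(status, headers):
        return None
    return regional_origin(origin_domain, headers["x-amz-bucket-region"])
```
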
