In between 1.12.1 and the just released 1.16.0, the serverless-lift
plug-in was broken with regard to the behavior of the static-website
construct used by RedwoodJS to deploy front-end (web) bits.
The broken behavior manifests as an AWS ‘Access Denied’ when navigating directly to any page other than the home page of the site. The serverless-lift
plug-in is responsible for configuring S3 bucket permissions as well as CloudFront error handling and for the versions between 1.12.1 and 1.16.0 were not configuring this in a manner necessary for proper operation of RedwoodJS. Navigating via links behaves correctly, but navigating by direct entry of a URL, or back/forward/refresh will fail with the AWS Access Denied error.
This was a painful one to figure out. I hope this helps someone else out there. My thanks to @rob for the nudges in the right direction on Discord.
1 Like
Hi @joconor, thanks for bringing this. I’ve just faced this problem (I had a S3 bucket created BEFORE the AWS breaking change of Apr 2023 and when I tried to recreate it, I found the mentioned error ‘Access Denied’).
I’m using the last version of serverless-lift
1.26.1, but I still have the permission issues. What version of this plugin are you using? Can you please share your ẁeb/servelress.yml`?
Thanks in advance.
Hi @fmiranda ,
Here’s my web/serverless.yml. Note the extensions:
section. I’m using version “^1.25.1” of the serverless-lift plugin
# See the full yml reference at https://www.serverless.com/framework/docs/providers/aws/guide/serverless.yml/
service: cpcemm-web
# Uncomment `org` and `app` and enter manually if you want to integrate your
# deployment with the Serverless dashboard, or run `yarn serverless` in ./web to be
# prompted to connect to an app and these will be filled in for you.
# See https://www.serverless.com/framework/docs/dashboard/ for more details.
# org: your-org
# app: your-app
useDotenv: true
plugins:
- serverless-lift
constructs:
web:
type: static-website
path: dist
extensions: {
bucket: {
Properties: {
PublicAccessBlockConfiguration: {
BlockPublicPolicy: false,
}
}
}
}
provider:
name: aws
runtime: nodejs16.x
region: us-west-2 # AWS region where the service will be deployed.
1 Like
Thanks a lot!
One more question: you are still using node16, do you migrate to Redwood 5.x?
I have not yet migrated to RedwoodJS 5.x