
Access Denied Error Loading DevHub Courses #20

Closed
kj4ezj opened this issue Jan 10, 2023 · 2 comments

kj4ezj commented Jan 10, 2023

In devrel issue 96, Automation stood up the learn.eosnetwork.com DevHub portal as a statically hosted website in an Amazon S3 bucket behind Amazon CloudFront, a global content delivery network. This website consists of several components including a home page, an account system, and courses that can be completed.

At 2023-01-09 05:41 EST, I received this bug report from my customer.

Gotten a few of these now. Any ideas?

URL can't be directly accessible: https://learn.eosnetwork.com/course/getting-started-with-eos
[Image: photo_2023-01-10_13-21-19]

I tried myself in Brave (Version 1.46.153 Chromium: 108.0.5359.128) on Linux Mint 21.0 and was able to reliably reproduce this issue by doing literally anything besides going to the home page and clicking on a course.

[Screenshot: 2023-01-10 13-29-30 - DevHub portal access denied]

None of the following worked for me:

  • Following a link from an external application to a course.
  • Pasting a course URI in a new tab.
  • Successfully loading a course from the DevHub home page, then pasting a different course URI into that tab.
  • Refreshing a working or non-working tab.

I tried these actions both logged out and logged in to my DevHub account.

See Also

  • devrel issue 80 - Standup DevHub Infrastructure
  • devrel issue 96 - DNS Mapping for learn.eosnetwork.com
  • devrel issue 134 - Update DevHub Site
  • devrel issue 135 - DevHub Frontend CICD
  • devrel issue 137 - Encrypt DevHub Backend
@kj4ezj kj4ezj added the Infrastructure Cloud infrastructure label Jan 10, 2023
@kj4ezj kj4ezj self-assigned this Jan 10, 2023
@kj4ezj kj4ezj changed the title SPIKE - Investigate Access Denied Error Loading DevHub Courses Access Denied Error Loading DevHub Courses Jan 12, 2023
@kj4ezj kj4ezj moved this from Todo to In Progress in ENF Engineering Jan 12, 2023

kj4ezj commented Jan 12, 2023

I tried loading the website homepage and courses directly from the bucket website endpoint itself, which worked, suggesting the problem was with CloudFront rather than the website source code.

http://enf-devhub-prod.s3-website-us-east-1.amazonaws.com
http://enf-devhub-prod.s3-website-us-east-1.amazonaws.com/course/getting-started-with-eos

I used curl to load both the homepage and the course page to look for differences in the client/server negotiation, but these were the same.

curl -vfsSL 'https://learn.eosnetwork.com'
curl -vfsSL 'https://learn.eosnetwork.com/course/getting-started-with-eos'

I also checked out the console, network, and security tabs in the browser dev tooling ([F12]) but I didn't see anything useful there.


kj4ezj commented Jan 12, 2023

Ultimately I found this AWS support article about diagnosing CloudFront 403 Access Denied errors for websites served from S3 buckets. It talked about a number of things but, as soon as I opened the CloudFront distribution in the AWS console, I noticed that the distribution origin domain was listed as a bucket endpoint...

enf-devhub-prod.s3.us-east-1.amazonaws.com

...instead of the bucket website endpoint.

enf-devhub-prod.s3-website-us-east-1.amazonaws.com

This is the first thing the support article warns against.

I found that, when creating new CloudFront origins, AWS suggests the wrong endpoints by default.

[Screenshot: 2023-01-12 02-19-31 - AWS CloudFront Origin suggestions mostly censored]

Awesome. -_-

When you put in the bucket website endpoint, AWS labels this as a "custom origin" instead of an S3 origin. I set this "custom" origin in a second CloudFront distribution used for testing and sent an invalidation request for all files (/*). This resolved the bug, with all other settings being equal to production!

I changed the origin from the S3 endpoint to the "custom" bucket website endpoint and sent an invalidation request for the production CDN. I was able to verify the courses were loading properly for me. Finally, I used my VPN to verify the Getting started with EOS course could be navigated to directly and that tab could be successfully reloaded in the following regions:

  1. United States
    1. Chicago - ✔️
    2. Los Angeles - ✔️
    3. Manassas - ✔️
  2. Israel - ✔️
  3. Canada
    1. Montreal - ✔️
  4. Hong Kong - ✔️
  5. South Africa - ✔️
  6. Japan - ✔️
  7. Australia - ✔️
  8. Argentina - ✔️
  9. Brazil - ✔️
  10. Mexico - ✔️
  11. Singapore - ✔️
  12. Germany - ✔️
  13. Iceland - ✔️
  14. South Korea - ✔️
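
The origin mix-up described in this comment can be caught by auditing a distribution's config offline. The following is an added example, not part of the original issue or the project's code: it classifies each origin in a dict shaped like `aws cloudfront get-distribution-config` output, using the two domain names from this issue; the origin Ids and the sample config are constructed.

```python
import re

# S3 website endpoints: "<bucket>.s3-website-<region>" or "<bucket>.s3-website.<region>".
WEBSITE_RE = re.compile(r"^.+\.s3-website[.-][a-z0-9-]+\.amazonaws\.com$")
# S3 REST (bucket) endpoints: global, regional, legacy dash and dualstack forms.
REST_RE = re.compile(r"^.+\.s3(?:\.dualstack)?(?:[.-][a-z0-9-]+)?\.amazonaws\.com$")


def classify_origin(domain):
    """Return 'website', 'rest' or 'other' for a CloudFront origin domain name."""
    domain = domain.lower().rstrip(".")
    # Website must be tested first: REST_RE also matches "s3-website-..." names.
    if WEBSITE_RE.match(domain):
        return "website"
    if REST_RE.match(domain):
        return "rest"
    return "other"


def audit_distribution(config):
    """Return a list of (origin_id, kind, finding) for every origin."""
    findings = []
    for origin in config["DistributionConfig"]["Origins"]["Items"]:
        kind = classify_origin(origin["DomainName"])
        if kind == "rest":
            finding = "REST endpoint: no index/error document handling, deep links can 403"
        elif kind == "website":
            # Website endpoints speak HTTP only, so the origin must be a
            # custom origin with OriginProtocolPolicy "http-only".
            policy = origin.get("CustomOriginConfig", {}).get("OriginProtocolPolicy")
            finding = "ok" if policy == "http-only" else "website endpoint needs http-only custom origin"
        else:
            finding = "not an S3 endpoint"
        findings.append((origin["Id"], kind, finding))
    return findings


# Constructed sample: the origin before the fix and the origin after it.
SAMPLE_CONFIG = {"DistributionConfig": {"Origins": {"Quantity": 2, "Items": [
    {"Id": "before-fix", "DomainName": "enf-devhub-prod.s3.us-east-1.amazonaws.com",
     "S3OriginConfig": {"OriginAccessIdentity": ""}},
    {"Id": "after-fix", "DomainName": "enf-devhub-prod.s3-website-us-east-1.amazonaws.com",
     "CustomOriginConfig": {"OriginProtocolPolicy": "http-only"}},
]}}}

if __name__ == "__main__":
    for origin_id, kind, finding in audit_distribution(SAMPLE_CONFIG):
        print(f"{origin_id}: {kind}: {finding}")
```

An S3 website endpoint accepts only HTTP and cannot be locked to CloudFront with an origin access identity, so this fix leaves the CloudFront-to-S3 hop unencrypted and the bucket readable directly.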

@kj4ezj kj4ezj closed this as completed Jan 12, 2023
@github-project-automation github-project-automation bot moved this from In Progress to Done in ENF Engineering Jan 12, 2023