To resolve this issue, suggest selecting 'use my domain' instead of 'use Trend Micro domain'. Refer to the following configuration:

1. Use AWS Route 53 to apply a new customized domain, like 1st-app.sase-ztna-qa-testing.com.
2. Add Zero Trust Secure Access (Private Access) CNAME int-test.edge.int.ztna.trendmicro.com to the AWS Route 53 domain record. Zero Trust Secure Access (Private Access) CNAME can be obtained here:

   

3. Configure a new S3 bucket, the name of which should be equal to the customized domain, like 1st-app.sase-ztna-qa-testing.com.
   1. Enable Static Website Hosting function. Write down its FQDN, like "1st-app.sase-ztna-qa-testing.com.s3-website-us-west-2.amazonaws.com".
   2. Add ACL to only permit Private Access Connector's Global IP.
4. Complete the Zero Trust Secure Access Internal Application (browser access type).
   • Protocol: HTTP
   • External domain type: use my domain
   • External domain: 1st-app.sase-ztna-qa-testing.com
   • Internal domain: 1st-app.sase-ztna-qa-testing.com.s3-website-us-west-2.amazonaws.com
   • Internal port: 80
5. Verify browser access.

If you still prefer to use 'Trend Micro' domain, refer to the following workaround:

1. When creating the bucket, make its name the same as the External URL filled in.
2. In the case mentioned on the article, just create a bucket called "mywebapp-trendbr.edge.us.ztna.trendmicro.com".
3. When searching for bucket name, AWS will find it as it will have the same name as the HTTP Hostname.