S3 Access Denied 403 error

Question

Hi AWS, I was learning about App2Container service using this AWS Workshop https://catalog.us-east-1.prod.workshops.aws/workshops/2c1e5f50-0ebe-4c02-a957-8a71ba1e8c89/en-US and while deploying the infrastructure using CloudFormation template as provided in Step 1, I am experiencing the issue.

```
Resource handler returned message: "Your access has been denied by S3, please make sure your request credentials have permission to GetObject for application-migration-with-aws-workshop/lambda/4eb5dfa8efc17763bc41edb070cb9cd2. S3 Error Code: AccessDenied. S3 Error Message: Access Denied (Service: Lambda, Status Code: 403, Request ID: 95687072-37e7-4670-b715-7a0e5bdefd92)" (RequestToken: 09b159a9-c86b-72ef-5d6e-c18bbed29004, HandlerErrorCode: AccessDenied)

```

After that I have updated the IAM user permission with the following S3 API and here is the code for the same:

```
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "s3:GetObject",
            "Resource": [
                "arn:aws:s3:::application-migration-with-aws-workshop",
                "arn:aws:s3:::application-migration-with-aws-workshop/lambda/4eb5dfa8efc17763bc41edb070cb9cd2",
                "arn:aws:s3:::application-migration-with-aws-workshop/lambda/438e5a43749a18ff0f4c7a7d0363e695"
            ]
        }
    ]
}
```

Please tell me what's the reason behind the failure. I know this is Amazon owned bucket. So what's missing either from permissions point of view.

Thanks

Answer

hi,

403 code is often about KMS permissions. Did you check it ?

Answer

Maybe this will help:  https://aws.amazon.com/premiumsupport/knowledge-center/s3-troubleshoot-403/

Also, it looks like it's the Lambda service that threw the error. not S3.

https://aws.amazon.com/premiumsupport/knowledge-center/api-gateway-403-error-lambda-authorizer/

S3 Access Denied 403 error

Relevanter Inhalt