- Le plus récent
- Le plus de votes
- La plupart des commentaires
Hello. have you set the bucket policy? you need to specify the principal and effect of that ie s3:getobject and the resources e.g yourbucket/* meaning you can see and get the object. that's what i think is missing. Here is an example of a bucket policy using a policy generator from your s3 bucket console in the permissions tab ->edit policy and then click on the policy generator, make sure u copy the ARN as well which you will use to paste in the generator.
{ "Id": "Policy1692788816796", "Version": "2012-10-17", "Statement": [ { "Sid": "Stmt1692788810811", "Action": [ "s3:GetObject" ], "Effect": "Allow", "Resource": "arn:aws:s3:::animals/", "Principal": "" } ] }
There are few things, that you need to make sure of and are as below:
- Your IAM role/user has access to that s3 bucket and it's objects through identity based policies
- There should not be explicit deny at bucket policy, if there is any explicit deny at bucket level, then also you'll not be able to access the bucket object.
- If s3 bucket is SSE-KMS CMK encrypted, make sure your IAM user/role has access to that KMS key
- There is no explicit deny at KMS key policy
Once you make sure of all the above points, you should be good.
Contenus pertinents
- demandé il y a un an
- demandé il y a 6 mois
- demandé il y a un an
- demandé il y a 2 mois
AWS OFFICIELA mis à jour il y a 2 ans- AWS OFFICIELA mis à jour il y a 2 ans
- AWS OFFICIELA mis à jour il y a 2 ans