403 Forbidden Error for Images hosted in S3


Please help me resolve this 403 Forbidden error on my images stored in S3. I already checked this resource: https://repost.aws/knowledge-center/s3-403-forbidden-error in the knowledge base but nothing has changed. The IAM role has full S3 access, "Block Public Access" is turned off, and I have the following stated in the bucket policy:

{
    "Version": "2008-10-17",
    "Statement": [
        {
            "Sid": "eb-af163bf3-d27b-4712-b795-d1e33e331ca4",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::4177xxxxxxxx:role/PinoyAgriSite-Role"
            },
            "Action": [
                "s3:ListBucket",
                "s3:ListBucketVersions",
                "s3:GetObject",
                "s3:GetObjectVersion"
            ],
            "Resource": [
                "arn:aws:s3:::elasticbeanstalk-ap-southeast-1-4177xxxxxxxx",
                "arn:aws:s3:::elasticbeanstalk-ap-southeast-1-4177xxxxxxxx/resources/environments/*",
                "arn:aws:s3:::elasticbeanstalk-ap-southeast-1-4177xxxxxxxx/S3-Uploads-Media/*"
            ]
        },
        {
            "Sid": "eb-58950a8c-feb6-11e2-89e0-0800277d041b",
            "Effect": "Deny",
            "Principal": {
                "AWS": "*"
            },
            "Action": "s3:DeleteBucket",
            "Resource": "arn:aws:s3:::elasticbeanstalk-ap-southeast-1-4177xxxxxxxx"
        }
    ]
}

I have the following in the CORS:

[
    {
        "AllowedHeaders": [
            "*"
        ],
        "AllowedMethods": [
            "GET"
        ],
        "AllowedOrigins": [
            "https://pinoyagri.com"
        ],
        "ExposeHeaders": [],
        "MaxAgeSeconds": 3000
    }
]

I also have the necessary permissions in the ACL, I didn't set up AWS KMS, I don't use AWS Organizations, and I also don't have settings in the policy that deny uploading to my bucket. Any idea what I am missing? Thanks!

Vin
asked 7 months ago · 468 views
1 answer
1
Accepted answer

Hello.

Could you please share the full text of your S3 bucket policy?
Also, have you checked what kind of error occurs when accessing S3 from the website?

EXPERT
answered 7 months ago
  • Public block access is also an account-level setting, so please make sure it is turned off by following the steps in the document below. https://docs.aws.amazon.com/AmazonS3/latest/userguide/configuring-block-public-access-account.html

  • Thank you for guiding me Riku! I checked again and I can see that "Block Public Access" is completely turned off overall. As for the error, I checked the www-error.log and this is what I found:

    [06-Oct-2023 01:07:12 UTC] PHP Notice: getimagesize(): Error reading from s3://elasticbeanstalk-ap-southeast-1-417xxxxxxxxx/S3-Uploads-Media/uploads/2023/10/composer-258.png! in /var/app/current/wp-includes/media.php on line 5307
    [06-Oct-2023 01:07:13 UTC] PHP Notice: exif_imagetype(): Error reading from s3://elasticbeanstalk-ap-southeast-1-417xxxxxxxxx/S3-Uploads-Media/uploads/2023/10/composer-258.png! in /var/app/current/wp-includes/functions.php on line 3268
    [06-Oct-2023 01:07:13 UTC] PHP Notice: getimagesize(): Error reading from s3://elasticbeanstalk-ap-southeast-1-417xxxxxxxxx/S3-Uploads-Media/uploads/2023/10/composer-258.png! in /var/app/current/wp-includes/media.php on line 5305
    [06-Oct-2023 01:07:13 UTC] PHP Notice: exif_imagetype(): Error reading from s3://elasticbeanstalk-ap-southeast-1-417xxxxxxxxx/S3-Uploads-Media/uploads/2023/10/composer-258.png! in /var/app/current/wp-includes/functions.php on line 3268
    [06-Oct-2023 01:07:13 UTC] PHP Notice: getimagesize(): Error reading from /tmp/composer-258-UYJzqn.tmp! in /var/app/current/wp-includes/media.php on line 5307
    [06-Oct-2023 01:07:13 UTC] PHP Notice: exif_imagetype(): Error reading from /tmp/composer-258-UYJzqn.tmp! in /var/app/current/wp-includes/functions.php on line 3268

  • When I checked in the browser developer console, I see the status code is "403 Forbidden". When I try to load the URL: https://elasticbeanstalk-ap-southeast-1-4177xxxxxxxx.s3.amazonaws.com/S3-Uploads-Media/uploads/2023/10/guest-details.png in the browser, this is the result:

    <Error> <Code>AccessDenied</Code> <Message>Access Denied</Message> <RequestId>xx2WD9xxxxxxxxxx</RequestId> <HostId>xxxxxxxxxxxx6zZHZpxbNzmayWD992000fVfk0eavQVUvwDXgSW/Q/2qBT6xrc14xxxxxxxxxxx=</HostId> </Error>

  • Thank you for checking the log. What happens once I try to delete the bucket policy? If you can now display images after deleting the bucket policy, there is a problem with the bucket policy.

  • To access this object URL, you need to set the bucket policy to allow getobject from all sources.

    https://elasticbeanstalk-ap-southeast-1-4177xxxxxxxx.s3.amazonaws.com/S3-Uploads-Media/uploads/2023/10/guest-details.png
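
Why the policy in the question returns AccessDenied to a browser, as an added example that is not part of the original thread: a simplified evaluator run over the question's two policy statements, once for the role and once for an unsigned request. The `with_public_read` helper and its choice to scope anonymous reads to the `S3-Uploads-Media/` prefix are assumptions made for illustration; the evaluator ignores Condition blocks, ACLs and identity policies.

```python
from fnmatch import fnmatchcase

BUCKET = "arn:aws:s3:::elasticbeanstalk-ap-southeast-1-4177xxxxxxxx"
ROLE = "arn:aws:iam::4177xxxxxxxx:role/PinoyAgriSite-Role"
KEY = BUCKET + "/S3-Uploads-Media/uploads/2023/10/guest-details.png"

# The two statements of the bucket policy in the question (Sids omitted).
POLICY = {"Statement": [
    {"Effect": "Allow", "Principal": {"AWS": ROLE},
     "Action": ["s3:ListBucket", "s3:ListBucketVersions",
                "s3:GetObject", "s3:GetObjectVersion"],
     "Resource": [BUCKET, BUCKET + "/resources/environments/*",
                  BUCKET + "/S3-Uploads-Media/*"]},
    {"Effect": "Deny", "Principal": {"AWS": "*"},
     "Action": "s3:DeleteBucket", "Resource": BUCKET},
]}

def as_list(value):
    return value if isinstance(value, list) else [value]

def principal_matches(principal, caller):
    """caller is a role ARN, or None for an unsigned browser request."""
    if principal == "*":
        return True
    allowed = as_list(principal.get("AWS", []))
    return "*" in allowed or (caller is not None and caller in allowed)

def evaluate(policy, caller, action, resource):
    """Simplified: explicit Deny wins, then any Allow, else implicit deny.
    Ignores Condition, NotAction/NotResource, ACLs and identity policies."""
    effects = [s["Effect"] for s in policy["Statement"]
               if principal_matches(s["Principal"], caller)
               and any(fnmatchcase(action, a) for a in as_list(s["Action"]))
               and any(fnmatchcase(resource, r) for r in as_list(s["Resource"]))]
    if "Deny" in effects:
        return "explicit deny"
    return "allow" if "Allow" in effects else "implicit deny"

def with_public_read(policy, prefix):
    """Assumed fix: anonymous s3:GetObject limited to one key prefix."""
    stmt = {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
            "Resource": BUCKET + "/" + prefix + "*"}
    return {"Statement": policy["Statement"] + [stmt]}

if __name__ == "__main__":
    fixed = with_public_read(POLICY, "S3-Uploads-Media/")
    for name, pol in (("original", POLICY), ("with public read", fixed)):
        print(name, "->", evaluate(pol, None, "s3:GetObject", KEY))
```

Scoping the anonymous statement to the media prefix leaves the bucket's `resources/environments/` objects readable only by the role.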
    
