Access Denied with S3 SDK

0

My user has been given permissions on all buckets and all objects in the bucket. I can also list all buckets and create objects inside buckets using my Web Management Console. I have created access keys for my account, but using them to perform any bucket action (list/get objects) results in Access Denied. AWS logs that I tried to use the access key x minutes ago for S3, but I get access denied for any bucket operation. Where do I look next to solve this? Thank you.

Using boto3==1.34.32.

Example errors:

ClientError: An error occurred (AccessDenied) when calling the ListObjectsV2 operation: Access Denied

ClientError: An error occurred (AccessDenied) when calling the ListBuckets operation: Access Denied

2 Answers
0

Hi,

You probably have an authentication / authorization issue when coming via SDK and boto3. It's well explained here: https://boto3.amazonaws.com/v1/documentation/api/latest/guide/credentials.html

I personally use the env vars AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY when working with Python SDK.

To see under which identity you currently run, just place a call to boto3 STS get_caller_identity()

Best,

Didier

AWS
EXPERT
answered 3 months ago
EXPERT
reviewed 3 months ago
EXPERT
reviewed 3 months ago
  • I've re-tried using environment variables (was using credential file previously), but no luck. I can see that the user is as expected when doing get_caller_identity(). The access key, again, does log that it was last used a few minutes ago to access S3, but I received the same AccessDenied message when trying any action.

  • By the way, what kind of code are you trying to access? If there is no problem with the IAM authentication information, I think there may be a problem with the way the code is written.

  • Another thing to explore: is the IAM user corresponding to AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY in active state from IAM perspective? See https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor-view-data.html to see when your user last came and if it is active (IAM may deactivate it after some time: I had it for myself recently).

0

Here is a way to troubleshoot the issue

  1. Install AWS CLI
  2. Run this command in your terminal or cmd:
     aws configure
  3. Enter your IAM user credentials and the default AWS region
  4. Test any of the s3 commands in the CLI, e.g.
     aws s3 ls

If the above command listed the buckets, there's no issue with IAM user permissions. It's an issue with the code or the package.

langesh
answered 3 months ago
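The checks suggested in the answers above (where boto3 found its credentials, which identity they resolve to, and which S3 calls are refused), gathered into one script. This is an added example, not code posted by anyone in the thread; the function names, report keys and the bucket name passed on the command line are assumptions.

```python
"""Report which identity and credential source boto3 uses, then probe S3."""
import os

# Environment variables that change which credentials boto3 picks up.
CRED_ENV_VARS = ("AWS_ACCESS_KEY_ID", "AWS_SESSION_TOKEN", "AWS_PROFILE",
                 "AWS_SHARED_CREDENTIALS_FILE")


def error_code(exc):
    """Return the service error code (e.g. AccessDenied) of a failed call."""
    # botocore's ClientError keeps the parsed error under .response["Error"].
    error = getattr(exc, "response", {}).get("Error", {})
    return error.get("Code", type(exc).__name__)


def probe(call):
    """Run one API call and return "OK" or its error code."""
    try:
        call()
        return "OK"
    except Exception as exc:  # ClientError, or a connection/credential error
        return error_code(exc)


def diagnose(session, bucket):
    """Collect credential source, identity and S3 probe results."""
    creds = session.get_credentials()
    if creds is None:  # nothing found in env, files or instance metadata
        return {"credential_source": None}
    sts, s3 = session.client("sts"), session.client("s3")
    ident = sts.get_caller_identity()
    return {
        # e.g. "env" or "shared-credentials-file": where the keys came from
        "credential_source": creds.method,
        # Only the tail: compare it with the key shown for the user in IAM.
        "access_key_tail": creds.access_key[-4:],
        "session_token": creds.token is not None,
        "env_set": [v for v in CRED_ENV_VARS if os.environ.get(v)],
        "arn": ident["Arn"],
        "account": ident["Account"],
        # IAM action behind each call: ListBuckets -> s3:ListAllMyBuckets,
        # ListObjectsV2 -> s3:ListBucket on the bucket ARN itself.
        "s3:ListAllMyBuckets": probe(s3.list_buckets),
        "s3:ListBucket": probe(
            lambda: s3.list_objects_v2(Bucket=bucket, MaxKeys=1)),
    }


if __name__ == "__main__":
    import sys
    import boto3  # imported here so the helpers above stay dependency-free
    for key, value in diagnose(boto3.Session(), sys.argv[1]).items():
        print(f"{key}: {value}")
```

If the reported ARN and key tail match the console user and both probes still return AccessDenied, the denial comes from policy evaluation rather than from the SDK picking up the wrong credentials.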
