Hello,
The access denied error could occur due to permissions issues at multiple levels.
- IAM Instance Profile [1] associated with the instance. You can also compare the IAM Instance Profile permissions with the Elastic Beanstalk [2] suggested required policies and check for any missing permissions.
- Bucket policy configured for the S3 bucket. [3][4]
- Any SCP policies [5] configured at the account level that might cause an explicit deny when performing GetObject. Please refer to [6] for some similar examples.
In addition to the above permissions, we would need to perform an in-depth investigation by checking the environment configurations, S3 bucket configurations, IAM permissions and logs. Thus, currently, due to the limited information available, I would highly suggest that you reach out to AWS Premium Support with a case for a faster resolution.
References
[1] Troubleshooting access denied error messages - https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_access-denied.html.
[2] Managing Elastic Beanstalk instance profiles - https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/iam-instanceprofile.html.
[3] Troubleshoot Access Denied (403 Forbidden) errors in Amazon S3 - https://docs.aws.amazon.com/AmazonS3/latest/userguide/troubleshoot-403-errors.html.
[4] re:Post - Knowledge Center - How do I troubleshoot 403 Access Denied errors from Amazon S3? - https://repost.aws/knowledge-center/s3-troubleshoot-403.
[5] Service control policies (SCPs) - https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps.html.
[6] Example SCPs for Amazon S3 - https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps_examples_s3.html.
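
The three layers listed in the answer above can be checked offline once the policy documents have been exported. The sketch below is an added example, not part of the original answer or of any AWS tooling: it applies a simplified version of same-account policy evaluation to name the layer that blocks `s3:GetObject`. Assumptions: the function names, bucket name and sample policies are constructed, and `Principal`, `Condition`, `NotAction`, `NotResource`, permissions boundaries and session policies are ignored.

```python
from fnmatch import fnmatchcase

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(stmt, action, resource):
    # Action names are case-insensitive in IAM; resource ARNs are matched as written.
    # Simplification: Principal, Condition, NotAction and NotResource are ignored.
    act = any(fnmatchcase(action.lower(), a.lower()) for a in _as_list(stmt.get("Action", [])))
    res = any(fnmatchcase(resource, r) for r in _as_list(stmt.get("Resource", [])))
    return act and res

def effect(policy, action, resource):
    """'Deny', 'Allow' or None (no matching statement) for a single policy document."""
    hits = {s["Effect"] for s in _as_list(policy.get("Statement", []))
            if _matches(s, action, resource)}
    return "Deny" if "Deny" in hits else "Allow" if "Allow" in hits else None

def diagnose(scp, instance_profile, bucket_policy, action, resource):
    """Name the layer responsible for an access denied result (same-account request)."""
    layers = {"SCP": effect(scp, action, resource),
              "instance profile": effect(instance_profile, action, resource),
              "bucket policy": effect(bucket_policy, action, resource)}
    for name, result in layers.items():      # an explicit deny in any layer wins
        if result == "Deny":
            return f"explicit deny in {name}"
    if layers["SCP"] != "Allow":             # SCPs grant nothing, but must still allow
        return "implicit deny: SCP does not allow the action"
    if "Allow" in (layers["instance profile"], layers["bucket policy"]):
        return "allowed"
    return "implicit deny: no allow in instance profile or bucket policy"

# Constructed sample policies (bucket and key names are placeholders).
OBJECT = "arn:aws:s3:::example-bucket/app/bundle.zip"
ALLOW_ALL = {"Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}
PROFILE = {"Statement": [{"Effect": "Allow", "Action": ["s3:GetObject"],
                          "Resource": "arn:aws:s3:::example-bucket/*"}]}
BUCKET_DENY = {"Statement": [{"Effect": "Deny", "Action": "s3:*",
                              "Resource": "arn:aws:s3:::example-bucket/app/*"}]}
NO_STATEMENTS = {"Statement": []}

if __name__ == "__main__":
    print(diagnose(ALLOW_ALL, PROFILE, NO_STATEMENTS, "s3:GetObject", OBJECT))
    print(diagnose(ALLOW_ALL, PROFILE, BUCKET_DENY, "s3:GetObject", OBJECT))
    print(diagnose(NO_STATEMENTS, PROFILE, NO_STATEMENTS, "s3:GetObject", OBJECT))
```

An "explicit deny" result points at a statement to remove or narrow; an "implicit deny" result points at a missing allow, which is the case the instance profile comparison in [2] is meant to catch.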