Is all block public access turned off?
If this is not all turned off, access will fail even if allowed by the bucket policy.
https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html
The IP address should be changed to something like "34.126.80.246/32".
Yes. I am using the same policy as shared. I have enabled the ACL as well and ticked the Public access box in the ACL with read and read option enabled. But still facing the same issue.
Bucket ACLs should be disabled. Also, have you deleted your browser cache? Is the IP address from which you are connecting correct?
Thanks, this policy worked, but the only challenge we are facing here is with this IP "3.6.255.121/32". I even tried changing the subnet to 8 and 16. It did not work.
Any recommendations would be helpful.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Statement1",
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::toch-poc-2/*",
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": [
            "3.6.255.121/32",
            "43.204.223.244/32",
            "34.126.80.246/32",
            "34.142.191.139/32",
            "34.143.188.86/32",
            "49.249.215.66/32",
            "15.207.175.132/32",
            "10.190.3.0/24"
          ]
        }
      }
    }
  ]
}
Are you sure that the IP address is correct? Policy passes for me.
Your bucket policy is wrong. You do NOT need to turn OFF block public access, because the policy contains a set of Classless Inter-Domain Routings (CIDRs) in aws:SourceIp.
Block Public isn't applicable because the policy isn't classed as public, because it's locked down to sourceIP.
You also have to be aware of KMS. If you're using AWS SSE it's OK; if your objects are encrypted with KMS you will have to allow access to the KMS key also.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Statement1",
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::toch-poc-2/*",
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": [
            "3.6.255.121/32",
            "43.204.223.244/32",
            "34.126.80.246/32",
            "34.142.191.139/32",
            "34.143.188.86/32",
            "49.249.215.66/32",
            "15.207.175.132/32"
          ]
        }
      }
    }
  ]
}
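A small lint for the checks this thread keeps returning to (an object-level ARN for s3:GetObject, and whether the connecting address really falls inside the aws:SourceIp list), as an added example that is not part of the original posts and not AWS code. The helper names and the trimmed policy literal are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample: the thread's policy with a shortened CIDR list.
POLICY = json.loads("""
{"Version": "2012-10-17",
 "Statement": [{
   "Sid": "Statement1", "Effect": "Allow", "Principal": "*",
   "Action": "s3:GetObject",
   "Resource": "arn:aws:s3:::toch-poc-2/*",
   "Condition": {"IpAddress": {"aws:SourceIp": [
       "3.6.255.121/32", "34.126.80.246/32", "10.190.3.0/24"]}}}]}
""")


def as_list(value):
    """Policy JSON allows Action, Resource and condition values as string or list."""
    return value if isinstance(value, list) else [value]


def source_cidrs(stmt):
    """CIDRs listed under Condition.IpAddress.aws:SourceIp (empty if absent)."""
    cond = stmt.get("Condition", {}).get("IpAddress", {})
    return as_list(cond.get("aws:SourceIp", []))


def lint_statement(stmt):
    """Return findings for the mistakes discussed in this thread."""
    findings = []
    actions = [a.lower() for a in as_list(stmt.get("Action", []))]
    if "s3:getobject" in actions:
        for arn in as_list(stmt.get("Resource", [])):
            # s3:GetObject acts on objects, so the ARN needs a key part after "/".
            key = arn.partition(":::")[2].partition("/")[2]
            if not key:
                findings.append(f"{arn}: no object key pattern, expected .../*")
    for cidr in source_cidrs(stmt):
        net = ipaddress.ip_network(cidr, strict=False)
        if net.is_private:
            findings.append(f"{cidr}: private range, not a source address S3 sees over the internet")
        if "/" in cidr and str(net) != cidr:
            findings.append(f"{cidr}: host bits set, this denotes {net}")
    return findings


def ip_allowed(stmt, client_ip):
    """True if client_ip falls inside any aws:SourceIp CIDR of the statement."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in ipaddress.ip_network(c, strict=False) for c in source_cidrs(stmt))
```

Pass `ip_allowed` the public address your requests actually leave from (the one an external "what is my IP" service reports), not the address configured on the host.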
Hi, did you allow S3 Public Access on the bucket? If not, you will have to, because it will block access and result in HTTP 403 before your bucket policy is even used.
See https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html
The ARN of the S3 bucket listed in "Resource" should be something like "arn:aws:s3:::toch-poc-2/*" because GetObject needs permission to be in the bucket.
Yes. It's turned ON. Any modifications in policy needed? Still facing the same error.
Yes, please try to use the policy I described.
Block Public does not need turning off when using a set of Classless Inter-Domain Routings (CIDRs), using aws:SourceIp in the bucket policy.