1 Answer
For the HEAD action to be used to retrieve metadata from the AWS-controlled S3 buckets, the roles used must have appropriate READ access to the object. The relevant read object permission is required, but if it does not exist, the error Amazon S3 returns depends on whether you also have the s3:ListBucket permission. The errors can be [1]:
- If you have the s3:ListBucket permission on the bucket, Amazon S3 returns an HTTP status code 404 ("no such key") error.
- If you don’t have the s3:ListBucket permission, Amazon S3 returns an HTTP status code 403 ("access denied") error.
[1] https://docs.aws.amazon.com/AmazonS3/latest/API/API_HeadObject.html
You have mentioned that you already have the s3:GetObject permission on all SSM buckets. To mitigate the issue, could you please add the "s3:ListBucket" permission to the instance profile and try again? Please let us know if the issue still persists.
answered 3 months ago
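The 403-versus-404 behaviour described in the answer can be checked against a policy document offline. The sketch below is an added example, not part of the original answer or of any AWS tooling: it uses a simplified model of identity-policy evaluation (Allow and Deny statements with wildcards only, no conditions, bucket policies or SCPs), and the bucket name and helper names are constructed placeholders. It goes slightly beyond the answer by covering one scoping case: `s3:ListBucket` is a bucket-level action, so granting it on `bucket/*` instead of the bucket ARN leaves the 403 in place.

```python
import re

BUCKET = "example-ssm-bucket"  # constructed placeholder, not a real SSM bucket name

def _matches(pattern, value, ignore_case=False):
    """IAM-style wildcard match: '*' is any run of characters, '?' is exactly one."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, value, re.I if ignore_case else 0) is not None

def _as_list(value):
    return value if isinstance(value, list) else [value]

def is_allowed(policy, action, resource):
    """Simplified check: an explicit Deny wins, otherwise any matching Allow grants."""
    allowed = False
    for stmt in _as_list(policy["Statement"]):
        hit = (any(_matches(a, action, True) for a in _as_list(stmt["Action"]))
               and any(_matches(r, resource) for r in _as_list(stmt["Resource"])))
        if hit and stmt["Effect"] == "Deny":
            return False
        allowed = allowed or hit
    return allowed

def head_status_for_missing_key(policy, bucket):
    """Status HeadObject returns for a key that does not exist, per the answer above."""
    return 404 if is_allowed(policy, "s3:ListBucket", f"arn:aws:s3:::{bucket}") else 403

def make_policy(list_resource=None):
    """Constructed instance-profile policy: GetObject, plus optional ListBucket."""
    stmts = [{"Effect": "Allow", "Action": "s3:GetObject",
              "Resource": f"arn:aws:s3:::{BUCKET}/*"}]
    if list_resource:
        stmts.append({"Effect": "Allow", "Action": "s3:ListBucket",
                      "Resource": list_resource})
    return {"Version": "2012-10-17", "Statement": stmts}

GET_ONLY = make_policy()                                   # the situation in the question
LIST_ON_OBJECTS = make_policy(f"arn:aws:s3:::{BUCKET}/*")  # ListBucket on the wrong ARN
LIST_ON_BUCKET = make_policy(f"arn:aws:s3:::{BUCKET}")     # ListBucket on the bucket ARN

if __name__ == "__main__":
    for name, pol in [("GetObject only", GET_ONLY), ("ListBucket on bucket/*", LIST_ON_OBJECTS),
                      ("ListBucket on bucket", LIST_ON_BUCKET)]:
        print(f"{name}: HEAD on missing key -> {head_status_for_missing_key(pol, BUCKET)}")
```
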