By using AWS re:Post, you agree to the Terms of Use

AWS: s3 bucket policy does not give IAM user access to upload to bucket, throws 403 error


I have an S3 bucket that works perfectly with root credentials (AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY) to upload files to the bucket.

I have created an IAM user.
I tried to give this IAM user the privilege of uploading files to this bucket by creating this policy and attaching it to that bucket:

    "Version": "2012-10-17",
    "Statement": [
            "Sid": "Statement2",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::122xxxxxxxx28:user/iam-user-name"
            "Action": "s3:*",
            "Resource": "arn:aws:s3:::bucket-name"

However, when I try to upload a file, I get this error:

> 403 (Forbidden)

This is how the upload works:

  1. I generate a presigned-url in the backend:
var getImageSignedUrl = async function (key) {
  return new Promise((resolve, reject) => {
        Bucket: AWS_BUCKET_NAME,
        Key: key,
        ContentType: "image/*",
        ACL: "public-read",
        Expires: 300,
      (err, url) => {
        if (err) {
        } else {
  1. Then the file is uploaded in the frontend using that url:
await axios.put(uploadConfig.url, file, {
    headers: {
      "Content-Type": file.type,
      "x-amz-acl": "public-read",
    transformRequest: (data, headers) => {
      delete headers.common["Authorization"];
      return data;
1 Answer

Hi, Good question

Could you please try the following

"Resource": [

S3 buckets require one ARN at the bucket level and another one for all the objects in the bucket.

Let me know if that doesn't help, I can further look into it.


answered 8 months ago
  • Thank you. That solved my problem.

  • Exactly like Sri wrote.

    action s3:PutObject works on the object level, not bucket, that's why it requires arn:aws:s3:::bucket-name/*

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions