By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

S3, Error executing "PutObject"

0

Hello. I was changing user rights (IAM) and broke something. Now my site is not uploading images to S3.

I use CloudFront ..

Error executing "PutObject" on "https://s3.eu-central-1.amazonaws.com/.../iblocks/31001/img/31001.png"; AWS HTTP error: Client error: `PUT https://s3.eu-central-1.amazonaws.com/.../iblocks/31001/img/31001.png` resulted in a `403 Forbidden` response:
<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>InvalidAccessKeyId</Code><Message>The AWS Access Key Id you provided (truncated...)
InvalidAccessKeyId (client): The AWS Access Key Id you provided does not exist in our records. - <?xml version="1.0" encoding="UTF-8"?>
<Error><Code>InvalidAccessKeyId</Code><Message>The AWS Access Key Id you provided does not exist in our records.</Message><AWSAccessKeyId>AKIAQ2UKU7ZBF5ATGKPA</AWSAccessKeyId><RequestId>YSJ3RF5Z0GZ0ZR88</RequestId>

Bucket policy:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::...:user/superadmin"
            },
            "Action": "s3:*",
            "Resource": [
                "arn:aws:s3:::backet",
                "arn:aws:s3:::backet/*"
            ]
        }
    ]
}
Topics
StorageSecurity, Identity, & Compliance
Tags
Amazon Simple Storage ServiceIAM Policies
Language
English
rePost-User-1980772
asked a year ago2559 views
2 Answers
1

The error message is saying that your IAM access key is either invalid (formatting issue, maybe?) or it isn't valid (it has been revoked from within the console). You can generate a new IAM access key in the console and then put it into your application.

Given that you've put the access key out in public, I'd be cancelling it anyway. While it's only one half of your credentials it's better to keep both parts (the access key and the secret access key) confidential.

Note that we discourage the use of long-lived credentials - if possible! It's much better security practice. https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html

profile pictureAWS
EXPERT
Brettski-AWS
answered a year ago
  • rePost-User-1980772
    a year ago

    Thanks, but I created new IAM access keys in the console. It doesn't help.

  • rePost-User-1980772
    a year ago

    I added info about Bucket policy in my question

  • Brettski-AWS EXPERT
    a year ago

    This isn't an issue with the bucket policy - that would give you an "Access Denied" error.

  • rePost-User-1980772
    a year ago

    Maby it is about Object Ownership in AWS? Or maby some cache in the AWS or the server. How can i check with which keys i use AWS through SDK PHP (some logs).

  • rePost-User-1980772
    a year ago

    I deployed the site locally, the images began to upload successfully. It seems AWS stopped liking my server.

0

Why is Action "Action": "s3:*". Shouldn't it be s3:PutObject and s3:GetObject?

https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-bucket-policies.html

jschwar313
answered a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content