By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

403 Forbidden Error for Images hosted in S3

0

Please help me how to resolve this 403 Forbidden error on my images stored in S3. I already checked this resource: https://repost.aws/knowledge-center/s3-403-forbidden-error in the knowledge base but nothing has changed. The IAM role has the full S3 access, the "Block Public Access" is turned off, I have the following in stated in the bucket policy:

{
    "Version": "2008-10-17",
    "Statement": [
        {
            "Sid": "eb-af163bf3-d27b-4712-b795-d1e33e331ca4",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::4177xxxxxxxx:role/PinoyAgriSite-Role"
            },
            "Action": [
                "s3:ListBucket",
                "s3:ListBucketVersions",
                "s3:GetObject",
                "s3:GetObjectVersion"
            ],
            "Resource": [
                "arn:aws:s3:::elasticbeanstalk-ap-southeast-1-4177xxxxxxxx",
                "arn:aws:s3:::elasticbeanstalk-ap-southeast-1-4177xxxxxxxx/resources/environments/*",
                "arn:aws:s3:::elasticbeanstalk-ap-southeast-1-4177xxxxxxxx/S3-Uploads-Media/*"
            ]
        },
        {
            "Sid": "eb-58950a8c-feb6-11e2-89e0-0800277d041b",
            "Effect": "Deny",
            "Principal": {
                "AWS": "*"
            },
            "Action": "s3:DeleteBucket",
            "Resource": "arn:aws:s3:::elasticbeanstalk-ap-southeast-1-4177xxxxxxxx"
        }
    ]
}

I have the following in the CORS:

[
    {
        "AllowedHeaders": [
            "*"
        ],
        "AllowedMethods": [
            "GET"
        ],
        "AllowedOrigins": [
            "https://pinoyagri.com"
        ],
        "ExposeHeaders": [],
        "MaxAgeSeconds": 3000
    }
]

I also have the necessary permissions in ACL, I didn't set up for AWS KMS, I don't use AWS Organizations, and I also don't have settings in the policy that deny uploading to my bucket. Any idea what am I missing? Thanks!

Topics
Storage
Tags
Amazon Simple Storage Service
Language
English
profile picture
Vin
asked 7 months ago443 views
1 Answer
1
Accepted Answer

Hello.

Could you please share the full text of your S3 bucket policy?
Also, have you checked what kind of error occurs when accessing S3 from the website?

profile picture
EXPERT
Riku_Kobayashi
answered 7 months ago
  • Riku_Kobayashi EXPERT
    7 months ago

    Public block access is also an account-level setting, so please make sure it is turned off by following the steps in the document below. https://docs.aws.amazon.com/AmazonS3/latest/userguide/configuring-block-public-access-account.html

  • Vin
    7 months ago

    Thank you for guiding me Riku! I checked again and I can see that "Block Public Access" is completely turned off overall. As for the error, I checked the www-error.log and this is what I found "[06-Oct-2023 01:07:12 UTC] PHP Notice: getimagesize(): Error reading from s3://elasticbeanstalk-ap-southeast-1-417xxxxxxxxx/S3-Uploads-Media/uploads/2023/10/composer-258.png! in /var/app/current/wp-includes/media.php on line 5307 [06-Oct-2023 01:07:13 UTC] PHP Notice: exif_imagetype(): Error reading from s3://elasticbeanstalk-ap-southeast-1-417xxxxxxxxx/S3-Uploads-Media/uploads/2023/10/composer-258.png! in /var/app/current/wp-includes/functions.php on line 3268 [06-Oct-2023 01:07:13 UTC] PHP Notice: getimagesize(): Error reading from s3://elasticbeanstalk-ap-southeast-1-417xxxxxxxxx/S3-Uploads-Media/uploads/2023/10/composer-258.png! in /var/app/current/wp-includes/media.php on line 5305 [06-Oct-2023 01:07:13 UTC] PHP Notice: exif_imagetype(): Error reading from s3://elasticbeanstalk-ap-southeast-1-417xxxxxxxxx/S3-Uploads-Media/uploads/2023/10/composer-258.png! in /var/app/current/wp-includes/functions.php on line 3268 [06-Oct-2023 01:07:13 UTC] PHP Notice: getimagesize(): Error reading from /tmp/composer-258-UYJzqn.tmp! in /var/app/current/wp-includes/media.php on line 5307 [06-Oct-2023 01:07:13 UTC] PHP Notice: exif_imagetype(): Error reading from /tmp/composer-258-UYJzqn.tmp! in /var/app/current/wp-includes/functions.php on line 3268"

  • Vin
    7 months ago

    When I checked in the browser developer console, I see the status code is "403 Forbidden". When try to load the URL: https://elasticbeanstalk-ap-southeast-1-4177xxxxxxxx.s3.amazonaws.com/S3-Uploads-Media/uploads/2023/10/guest-details.png in the browser, this is the result "<Error> <Code>AccessDenied</Code> <Message>Access Denied</Message> <RequestId>xx2WD9xxxxxxxxxx</RequestId> <HostId>xxxxxxxxxxxx6zZHZpxbNzmayWD992000fVfk0eavQVUvwDXgSW/Q/2qBT6xrc14xxxxxxxxxxx=</HostId> </Error>"

  • Riku_Kobayashi EXPERT
    7 months ago

    Thank you for checking the log. What happens once I try to delete the bucket policy? If you can now display images after deleting the bucket policy, there is a problem with the bucket policy.

  • Riku_Kobayashi EXPERT
    7 months ago

    To access this object URL, you need to set the bucket policy to allow getobject from all sources.

    https://elasticbeanstalk-ap-southeast-1-4177xxxxxxxx.s3.amazonaws.com/S3-Uploads-Media/uploads/2023/10/guest-details.png

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content