
S3 Access Denied 403 error

0

Hi AWS, I was learning about the App2Container service using this AWS Workshop: https://catalog.us-east-1.prod.workshops.aws/workshops/2c1e5f50-0ebe-4c02-a957-8a71ba1e8c89/en-US. While deploying the infrastructure using the CloudFormation template provided in Step 1, I am experiencing this issue:

Resource handler returned message: "Your access has been denied by S3, please make sure your request credentials have permission to GetObject for application-migration-with-aws-workshop/lambda/4eb5dfa8efc17763bc41edb070cb9cd2. S3 Error Code: AccessDenied. S3 Error Message: Access Denied (Service: Lambda, Status Code: 403, Request ID: 95687072-37e7-4670-b715-7a0e5bdefd92)" (RequestToken: 09b159a9-c86b-72ef-5d6e-c18bbed29004, HandlerErrorCode: AccessDenied)

After that, I updated the IAM user's permissions with the following S3 API, and here is the code for it:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "s3:GetObject",
            "Resource": [
                "arn:aws:s3:::application-migration-with-aws-workshop",
                "arn:aws:s3:::application-migration-with-aws-workshop/lambda/4eb5dfa8efc17763bc41edb070cb9cd2",
                "arn:aws:s3:::application-migration-with-aws-workshop/lambda/438e5a43749a18ff0f4c7a7d0363e695"
            ]
        }
    ]
}

Please tell me the reason behind the failure. I know this is an Amazon-owned bucket, so what's missing from a permissions point of view?

Thanks

2 Answers
0

Hi,

A 403 code is often about KMS permissions. Did you check it?

answered 6 days ago
  • As I mentioned, it is an AWS-owned bucket, so I am not sure whether it is encrypted with an AWS managed key or a customer managed key. As per Amazon, it is a public bucket, which I believe is encrypted with the SSE-S3 KMS type, and in that case we do not need to add KMS access to the IAM policy explicitly.

0
answered 6 days ago
