S3 Access Denied 403 error
Hi AWS, I was learning about App2Container service using this AWS Workshop https://catalog.us-east-1.prod.workshops.aws/workshops/2c1e5f50-0ebe-4c02-a957-8a71ba1e8c89/en-US and while deploying the infrastructure using CloudFormation template as provided in Step 1, I am experiencing the issue.
Resource handler returned message: "Your access has been denied by S3, please make sure your request credentials have permission to GetObject for application-migration-with-aws-workshop/lambda/4eb5dfa8efc17763bc41edb070cb9cd2. S3 Error Code: AccessDenied. S3 Error Message: Access Denied (Service: Lambda, Status Code: 403, Request ID: 95687072-37e7-4670-b715-7a0e5bdefd92)" (RequestToken: 09b159a9-c86b-72ef-5d6e-c18bbed29004, HandlerErrorCode: AccessDenied)
After that I have updated the IAM user permission with the following S3 API and here is the code for the same:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": "s3:GetObject",
"Resource": [
"arn:aws:s3:::application-migration-with-aws-workshop",
"arn:aws:s3:::application-migration-with-aws-workshop/lambda/4eb5dfa8efc17763bc41edb070cb9cd2",
"arn:aws:s3:::application-migration-with-aws-workshop/lambda/438e5a43749a18ff0f4c7a7d0363e695"
]
}
]
}
Please tell me what's the reason behind the failure. I know this is Amazon owned bucket. So what's missing either from permissions point of view.
Thanks
hi,
403 code is often about KMS permissions. Did you check it ?
Maybe this will help: https://aws.amazon.com/premiumsupport/knowledge-center/s3-troubleshoot-403/
Also, it looks like it's the Lambda service that threw the error. not S3.
https://aws.amazon.com/premiumsupport/knowledge-center/api-gateway-403-error-lambda-authorizer/
Relevant questions
AWS, Elasticbeanstalk, Linux 2, Access to S3; 403, Access denied
asked 10 months agoSpecific user keeps getting access denied
asked a year agoAccess denied when trying to GET objects uploaded to s3 bucket via aws sdk using cloudfront
asked 8 months agoS3 Access Denied 403 error
asked 6 days agoHow can I resolve AWS::S3::Errors:: Access Denied?
Accepted Answerasked 12 days agoAccess denied error uploading to s3 bucket
asked a month agoAccess Denied error when accessing Cloudfront url image link
asked 4 months ago403 Access denied error from S3 in Glue
Accepted Answerasked 5 years agoMy Production Access request was denied without any real reasons.
asked 7 months ago'Access Denied' when access s3 from angular app with cognito user pool
asked 3 years ago
As I mentioned it is an AWS owned bucket so I am not sure whether it is encrypted with AWS Managed key or Customer Managed key. As per Amazon it is a public bucket which I believe is encrypted with SSE-S3 KMS type and in that case we not need to add kms access in IAM policy explicitly.