Hi team,
I created a pre-signed URL for performing a PUT object operation using the Java SDK and my administrator AWS credentials, subsequently, I aimed to verify its functionality by employing the curl command.
curl -X PUT -T "my_file_name" "the_presigned_url"
I have access denied not sure why,
The bucket is private (no deny or allow policy on it, but I used my admin credentials to generate the resigned URL)
Note: Unnecessary use of -X or --request, PUT is already inferred.
* Trying 532.x5.190.148:443...
* Connected to cxp-document-upload.s3.ca-central-1.amazonaws.com (532.x5.190.148) port 443 (#0)
* ALPN: offers h2
* ALPN: offers http/1.1
* CAfile: /etc/ssl/cert.pem
* CApath: none
* (304) (OUT), TLS handshake, Client hello (1):
* (304) (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN: server accepted http/1.1
* Server certificate:
* subject: CN=*.s3.region.amazonaws.com
* start date: Apr 11 00:00:00 2023 GMT
* expire date: Jan 15 23:59:59 2024 GMT
* subjectAltName: host "bucket.s3.region.amazonaws.com" matched cert's "*.s3.region.amazonaws.com"
* issuer: C=US; O=Amazon; CN=Amazon RSA 2048 M01
* SSL certificate verify ok.
> PUT /pocputobjectsf.png\?X-Amz-Security-Token\=IQoJb3JpZ2luX2VjEMX%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaDGNhLWNlbnRyYWwtMSJHMEUCIQCV6YwM47MJV6qq5ZyExkgRX8%2BiHwIeEVTdLyts%2BpmFxwIgSsodUCbLAtMSVmWqS3QvuWDyRHv3qCKKJcLG2NzYqtkqtQMxxxxxxxxxxxxxxxxxx HTTP/1.1
> Host: bucket.s3.region.amazonaws.com
> User-Agent: curl/7.85.0
> Accept: */*
> Content-Type:imge/png
> Content-Length: 310130
> Expect: 100-continue
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 403 Forbidden
< x-amz-request-id: BBCHGVWVFC2MKG8G
< x-amz-id-2: hVnXvUaDXaI7UQr6mIvcdvPuGpaH+7mmty+jwTyHOm6xxx
< Content-Type: application/xml
< Transfer-Encoding: chunked
< Date: Mon, 28 Aug 2023 15:23:17 GMT
< Server: AmazonS3
< Connection: close
<
<?xml version="1.0" encoding="UTF-8"?>
* Closing connection 0
* TLSv1.2 (IN), TLS alert, close notify (256):
* TLSv1.2 (OUT), TLS alert, close notify (256):
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>BBCHGVWVFC2MKG8G</RequestId><HostId>hVnXvUaDXaI7UQr6mIvcdvPuGpaH+7mmty+jwTyHOm6UuBMMKL6k4cDToM0m4cAxxxxxxxD8=</HostId></Error>%
furthermore, I used a curl command to download an object using get object resigned URL, I was able to download the object but was not able to open it
I have this message in my laptop:
The file “myfile.png” could not be opened.
It may be damaged or use a file format that Preview doesn’t recognize.
Encryption type =
Server-side encryption with Amazon S3 managed keys (SSE-S3)
is there something wrong I did?
any idea why I have access denied although I used admin credentials to generate the resigned URLs?
Tank you!!
AWS OFFICIALUpdated a year ago
Did you get a chance to look at this re:Post Knowledge Center Article, if not already gone through.