- 最新
- 投票最多
- 评论最多
Please see answer to your question in the following link. https://repost.aws/knowledge-center/s3-access-denied-error
Here are the key points to address your issue with the "Access Denied" error when trying to access an object in an S3 bucket: 1- Verify the IAM permissions associated with the identity (user, role, etc.) that is trying to access the S3 bucket and object. Ensure the necessary permissions are granted to perform the required actions (e.g. s3:GetObject).
2- Check the S3 bucket policy to ensure it allows the necessary access to the object. The bucket policy should be configured to grant the appropriate permissions to the IAM identity trying to access the object.
3- Confirm that the S3 bucket and object are not set to public access, as this could also cause an "Access Denied" error if the IAM identity does not have the necessary permissions.
4- If you are using an AWS KMS key to encrypt the object, ensure the key is enabled and the IAM identity has the required permissions to use the KMS key for decryption.
Sources
[1] Troubleshoot errors when creating an S3 bucket | AWS re:Post
[2] Troubleshoot the ciphertext error when accessing an S3 object | AWS re:Post
[3] Troubleshoot 403 Access Denied error in Amazon S3 | AWS re:Post
You need to grant access to your bucket objects from the outside world, so you need to go to the Permissions tab in the bucket then you need to ensure that the:
- Block public access (bucket settings) is unticket and save the changes
- Bucket policy has the following json:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "PublicReadGetObject",
"Effect": "Allow",
"Principal": "*",
"Action": [
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::Bucket-Name/*"
]
}
]
}
See the official doc for more info https://docs.aws.amazon.com/AmazonS3/latest/userguide/WebsiteAccessPermissionsReqd.html
NOTE This is not a security best practice but will make you going, (consider accessing your objects through cloudfront)
