(AccessDenied) when calling the PutObject operation: Access Denied

Question

I am trying to enable object lock option in s3 in AWS. it seems that this option is not working trough GUI and we should use CLI to enable it for upload objects. when I try to create an objcet as a sample I get bellow error message:

````
aws s3api put-object --bucket  --key test-1 --body test-1 --object-lock-mode GOVERNANCE --object-lock-retain-until-date 2025-06-12

An error occurred (AccessDenied) when calling the PutObject operation: Access Denied
````

I also enabled public ACL policy as well as access permssion as the follwing JSON format:

````
{
"Version": "2012-10-17",
"Id": "ExamplePolicy01",
"Statement": [
    {
        "Sid": "ExampleStatement01",
        "Effect": "Allow",
        "Principal": {
            "AWS": "arn:aws:iam::********:root"
        },
        "Action": "*",
        "Resource": [
            "arn:aws:s3:::",
            "arn:aws:s3:::/*"
        ]
    }
]
````
anyone faced this issue before?

Answer

Hello.

I made the same settings as you in my environment and was able to upload successfully.  
Is the permission to execute "PutObject" set in the IAM policy of the IAM user running AWS CLI?

Also, if you are performing operations as an IAM user, try changing the ARN to that of the IAM user as shown below.    
```
{
    "Version": "2012-10-17",
    "Id": "ExamplePolicy01",
    "Statement": [
        {
            "Sid": "ExampleStatement01",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::********:user/test"
            },
            "Action": "*",
            "Resource": [
                "arn:aws:s3:::",
                "arn:aws:s3:::/*"
            ]
        }
    ]
}
```

If the S3 bucket and IAM user belong to the same AWS account, you should be able to access it if the above bucket policy setting or IAM policy allows the operation.

(AccessDenied) when calling the PutObject operation: Access Denied

相关内容