Why might boto be denied access to S3 with proper IAM keys?

Question

I am trying to access a bucket on S3 with boto. I have been given read access to the bucket and my keys are working when I explore it in S3 Browser. The following code is returning 403 Forbidden Access Denied.

conn = S3Connection('Access_Key_ID', 'Secret_Access_Key')
conn.get_all_buckets()

This also occurs when using the access key and secret access key via the boto config file. Is there something else I need to be doing because the keys are from IAM perhaps? Could this indicate an error in the setup? I don't know much about IAM, I was just given the keys.

Answer 1

My guess is that it's because you're calling conn.get_all_buckets() instead of conn.get_bucket(bucket_name) for the individual bucket you have access to.

Answer 2

from boto.s3.connection import S3Connection conn = S3Connection('access key', 'secret access key') allBuckets = conn.get_all_buckets() for bucket in allBuckets: print(str(bucket.name))

Answer 3

Some things to check...

• If you are using boto, be sure you are using conn.get_bucket(bucket_name) to access only the bucket you have permission to access.

• In your IAM (user) policy, if you are restricting access to a single bucket, be sure that the policy includes adequate permissions to the bucket and do not include a trailing slash+asterisks for the ARN name (see example below).

• Be sure to set "Upload/Delete" permissions for "Authenticated Users" in S3 for the bucket.

Permissions sample:

IAM policy sample:

NOTE: The SID will be automatically generated when using the policy generator

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "s3:*"
      ],
      "Sid": "Stmt0000000000001",
      "Resource": [
        "arn:aws:s3:::myBucketName"
      ],
      "Effect": "Allow"
    }
  ]
}