Error executing "PutObject" on AWS, upload fails

Question

I have established an AWS acct. and am trying to do my first programmatic PUT into S3. I have used the console to create a bucket and put things there. I have also created a subdirectory (myFolder) and made it public. I created my .aws/credentials file and have tried using the sample codes but I get the following error:

Error executing "PutObject" on "https://s3.amazonaws.com/gps-photo.org/mykey.txt"; AWS HTTP error: Client error: PUT https://s3.amazonaws.com/gps-photo.org/mykey.txt resulted in a 403 Forbidden response: AccessDeniedAccess DeniedFC49CD (truncated...) AccessDenied (client): Access Denied - AccessDeniedAccess DeniedFC49CD15567FB9CD1GTYxjzzzhcL+YyYsuYRx4UgV9wzTCQJX6N4jMWwA39PFaDkK2B9R+FZf8GVM6VvMXfLyI/4abo=

My code is

<?php

// Include the AWS SDK using the Composer autoloader.
require '/home/berman/vendor/autoload.php';
use Aws\S3\S3Client;
use Aws\S3\Exception\S3Exception;
$bucket = 'gps-photo.org';
$keyname = 'my-object-key';
// Instantiate the client.
$s3 = S3Client::factory(array(
    'profile' => 'default',
    'region' => 'us-east-1',
    'version' => '2006-03-01'
));
try {
    // Upload data.
    $result = $s3->putObject(array(
        'Bucket' => $bucket,
        'Key'    => "myFolder/$keyname",
        'Body'   => 'Hello, world!',
        'ACL'    => 'public-read'
    ));
    // Print the URL to the object.
    echo $result['ObjectURL'] . "\n";
} catch (S3Exception $e) {
    echo $e->getMessage() . "\n";
}

If anyone can help me out, that would be great. Thanks. --Len

Answer 1

Assuming that you have all the required permissions, if you are getting this error, but are still able to upload, check the bucket permissions section under your bucket, and try disabling (uncheck) "Block all public access," and see if you still get the error. You can enable this option again if you want to.

This is an extra security setting/policy that AWS adds to prevent changing the object permissions. If your app gives you problems or generates the warning, first look at the code and see if you are trying to change any permissions (which you may not want to). You can also customize these settings to better suit your needs.

Again, you can customize this settings by clicking your S3 bucket, permissions/ edit.

Answer 2

I got the same error issue. Project is laravel vue, I'm uploading file using axios to s3.

I'm using vagrant homestead as my server. Turns out the time on the virtual box server is not correct. I had to update it with the correct UTC time. After updating to correct time which I took from the s3 error it worked fine.

Error: I have removed sensitive information

message: "Error executing "PutObject" on "https://url"; AWS HTTP error: Client error: `PUT https://url` resulted in a `403 Forbidden` response:↵<?xml version="1.0" encoding="UTF-8"?>↵<Error><Code>RequestTimeTooSkewed</Code><Message>The difference between the reque (truncated...)↵ RequestTimeTooSkewed (client): The difference between the request time and the current time is too large. - <?xml version="1.0" encoding="UTF-8"?>↵<Error><Code>RequestTimeTooSkewed</Code><Message>The difference between the request time and the current time is too large.</Message><RequestTime>20190225T234631Z</RequestTime><ServerTime>2019-02-25T15:47:39Z</ServerTime><MaxAllowedSkewMilliseconds>900000</MaxAllowedSkewMilliseconds><RequestId>-----</RequestId><HostId>----</HostId></Error>"

Before:

vagrant@homestead:~$ date
Wed Feb 20 19:13:34 UTC 2019

After:

vagrant@homestead:~$ date
Mon Feb 25 15:47:01 UTC 2019

Answer 3

I facing same problem and found the solution as below.

remove line

'ACL' => 'public-read'

default permission with list, read, and write but without permission for change object specific permission (PutObjectAcl in AWS policy).

Answer 4

Braden's approach will work, but it is dangerous. The user will have full access to all your S3 buckets and the ability to log into the console. If the credentials used in the site are compromised, well...

A safer approach is:

1. AWS Console -> IAM -> Policies -> Create policy
2. Service = S3
3. Actions = (only the minimum required, e.g. List and Read)
4. Resources -> Specific -> bucket -> Add ARN (put the ARN of only the buckets needed)
5. Resources -> Specific -> object -> check Any or put the ARN's of specific objects
6. Review and Save to create policy
7. AWS Console -> IAM -> Users -> Add user
8. Access type -> check "Programmatic access" only
9. Next:Permissions -> Attach existing policies directly
10. Search and select your newly created policy
11. Review and save to create user

In this way you will have a user with only the needed access.

Answer 5

It looks like the same issue I ran into. Add a AmazonS3FullAccess policy to your AWS account.

• Log into AWS.
• Under Services select IAM.
• Select Users > [Your User]
• Open Permissoins Tab
• Attach the AmazonS3FullAccess policy to the account

Answer 6

The problem was a lack of permissions on the bucket themselves once I added those everything worked fine.

Answer 7

The 403 suggests that your key is incorrect, or the path to key is not correct. Have you verified that the package is loading the correct key in /myFolder/$keyname?

Might be helpful to try something simpler (instead of worrying about upload filetypes, paths, permissions, etc.) to debug.

$result = $client->listBuckets();
foreach ($result['Buckets'] as $bucket) {
    // Each Bucket value will contain a Name and CreationDate
    echo "{$bucket['Name']} - {$bucket['CreationDate']}\n";
}

Taken from http://docs.aws.amazon.com/aws-sdk-php/v2/guide/service-s3.html Also check out the service builder there.