I'm currently writing an application in Node which has to be able to create, delete and copy files in a bucket. The create and delete functions work like a charm but the issue is with the 'copyObject' function (http://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/S3.html#copyObject-property). It's returning an error saying 'Access Denied'.
I did some research and tried different Bucket policies but nothing seems to work. This is the policy I'm currently using:
{
"Version": "2008-10-17",
"Id": "Policy1458587151478",
"Statement": [
{
"Sid": "AllowPublicRead",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::bucketname/*"
},
{
"Sid": "AllowPublicList",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": "s3:ListBucket",
"Resource": "arn:aws:s3:::bucketname"
}
]
}
(where bucketname is the name of my bucket)
The code I use to copy the file is:
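/**
 * Copy a user's creative JSON object to a new key in the same bucket.
 *
 * @param {Object} creativeData - supplies user_id, old_id (source object) and
 *   new_id (destination object).
 * @param {Function} callback - Node-style callback, invoked as (err, data).
 */
copyJson:function(creativeData, callback){
  var bucket = 'bucketname';
  var s3 = new AWS.S3({params: {Bucket: bucket}});

  // NOTE(review): user_id / old_id / new_id are concatenated straight into
  // object keys. If they can come from a request, validate them (e.g. no '/')
  // so a caller cannot address keys under another user's prefix.
  var userId = creativeData.user_id;

  var params = {
    // CopySource must be "<source bucket>/<key>" and URL-encoded. The default
    // Bucket param only applies to the destination; without the bucket prefix
    // S3 treats the first path segment ("json_files") as the bucket name,
    // which typically surfaces as AccessDenied.
    CopySource: bucket + '/json_files/' + encodeURIComponent(userId) + '/' +
      encodeURIComponent(creativeData.old_id) + '.json',
    Key: 'json_files/' + userId + '/' + creativeData.new_id + '.json',
    ACL: 'bucket-owner-full-control'
  };

  s3.copyObject(params, function(err, data) {
    if (err) callback(err, null);
    else callback(null, data);
  });
}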
The error is:
{
"message": "Access Denied",
"code": "AccessDenied",
"region": null,
"time": "2016-03-22T09:02:25.761Z",
"requestId": "45EE85638A6099DD",
"extendedRequestId": "ag6GzYUc5gyZ1AuNQXpcLEgMI/ry814fS5oG66JwU3+4EfEuwfmAY2vagXemAkAJWyMx9EgvQ/8=",
"statusCode": 403,
"retryable": false,
"retryDelay": 3.5066229524090886
}
Is there anything I'm missing here?
Thanks
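Your bucket policy only grants s3:GetObject and s3:ListBucket. Copying also requires s3:PutObject, because the copy writes a new object to S3. I think this should work (note that with "Principal": {"AWS": "*"} it also allows anyone to write objects into the bucket, so in practice restrict the Principal to the IAM user or role your application runs as):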
{
"Version": "2008-10-17",
"Id": "Policy1458587151478",
"Statement": [
{
"Sid": "AllowPublicRead",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": ["s3:GetObject","s3:PutObject"],
"Resource": "arn:aws:s3:::bucketname/*"
},
{
"Sid": "AllowPublicList",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": "s3:ListBucket",
"Resource": "arn:aws:s3:::bucketname"
}
]
}