CODEWITHSUNDEEP
amazon-web-servicesamazon-s3amazon-iam
Matrix
Matrix

Reputation: 2659

InvalidRequest when calling the PutObject operation in AWS

I'm using the following command to verify if my user could access to S3 bucket: (based on this link: http://docs.aws.amazon.com/AmazonS3/latest/dev/example-walkthroughs-managing-access-example1.html)

$ aws s3api put-object --bucket bymspsbucket --key AWS.png --body Desktop/AWS.png --profile spsadmin

But I've faced with the following error and stuck on it and no idea what's wrong...

"An error occurred (InvalidRequest) when calling the PutObject operation: Missing required header for this request: x-amz-content-sha256"

I've run the command with --debug

Please see the debug-output file in the following link: https://github.com/minafa/AWS/wiki

$ aws --version
aws-cli/1.10.59 Python/2.7.10 Darwin/15.0.0 botocore/1.4.49

I've configured config file using cmd: aws configure, the result is as followed:

#vim ./aws/credentials
[default]
aws_access_key_id =
aws_secret_access_key =
[spsadmin]
aws_access_key_id =
aws_secret_access_key =

#vim ./aws/config

Edited:

As there was no region in the credentials file, I've modified the file manually. So it could work for putobject, but get object gives access deny error:

aws s3api get-object --bucket examplebucket --key AWS.png OutputFile.jpg --profile spsadmin

An error occurred (AccessDenied) when calling the GetObject operation: Access Denied

The permission that I set in s3 bucket that my user could access on it, is as followed:

"s3:GetBucketLocation",
"s3:ListBucket",
"s3:GetObject", 
"s3:PutObject"

Does it need to attach the same policy in IAM my user account as well? Under attach policy of IAM, there is only "AmazonS3FullAccess" that I've set but it should not be FullAccess, because the user must have access to only the bucket that I've assigned.

Any help would be appreciated.

Upvotes: 0

Views: 4359

Answers (1)

Matrix
Matrix

Reputation: 2659

I've fixed my issues as followed:

  1. put-object didn't work, because there was no region set in config/credentials files. So .aws/credentials is modefied.

  2. get-object gave Access denied error, since it needs to set:

    "Action": "s3:GetBucketAcl" in Bucket Policy.

  3. A policy (with the same actions of bucket policy) should be created and attached to IAM user as well, the instruction is based on the following link: http://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_managed-policies.html

  4. AmazonS3FullAccess could be attached to IAM user if he wants to see the S3 buckets through the console and makes more buckets. Otherwise it could be deattach.

Upvotes: 0

Related Questions