CODEWITHSUNDEEP
phplaravel-5amazon-s3amazon-ec2
Rajeev Varshney
Rajeev Varshney

Reputation: 1115

How to access file from aws s3 bucket?

How to access file from aws s3 bucket after upload the image to s3 bucket. When i am getting the image it shown access denied error.

<Error>
<Code>AccessDenied</Code>
<Message>Access Denied</Message>
<RequestId>xxxxx</RequestId>
<HostId>xxxxx</HostId>
</Error>

Controller Code is

$sharedConfig = [
                 'region' => Config::get('filesystems.disks.s3.region'),
                 'version' => 'latest',
                 "Effect" => "Allow",
                 'credentials' => [
                   'key' => 'xxxx',
                   'secret' => 'xxxx'
                  ]
                ];
               $sdk = new \Aws\Sdk($sharedConfig);
               $s3 = $sdk->createS3();
               $res = $s3->putObject([
               'Key' => $fileName, // This will overwrite any other files with same name
               'SourceFile' => $filePath,
               'Bucket' => 'bolttupload'
              ]);
              Storage::copy($res['ObjectURL'],$destinationPath.$fileName);
              echo $res['ObjectURL'];die;

Upvotes: 2

Views: 3958

Answers (1)

John Rotenstein
John Rotenstein

Reputation: 270224

By default, object in Amazon S3 are private. You can grant access to an object in several ways:

  • Access Control List on an individual object ("Make this object public")
  • Bucket Policy on the bucket ("Make this bucket or directory public")
  • Via permissions granted to an IAM User ("This user can access this bucket or directory)
  • Via pre-signed URLs ("This link will work for the next 5 minutes")

The URL you are using to access your object does not identify you as an authorised user. You have no Bucket Policy. Your object is not public. Therefore, you are correctly receiving an Access Denied message.

To make it accessible, you have to decide the scope of access based on the above list. If you want the object to be fully public, set that option on the object when you upload it:

$result = $client->putObject([
    'ACL' => 'private|public-read|public-read-write|authenticated-read|aws-exec-read|bucket-owner-read|bucket-owner-full-control',
...

If you want the whole bucket or a directory public, use a Bucket Policy.

If you only want certain users to access it, add a policy against the IAM User or IAM Group and then access the object with credentials that identify the user.

If you want your application to determine at run-time who should access the object, use a pre-signed URL.

Upvotes: 3

Related Questions