CODEWITHSUNDEEP
amazon-web-servicesamazon-s3access-denied
Patrick Lyman Old
Patrick Lyman Old

Reputation: 71

AWS S3: Unable to make access public

Goal: Publish static webpage using AWS S3

Issues: Access Denied and 403 Errors

I have been working on this issue for several hours now. After watching several tutorials (such as the one here: https://www.youtube.com/watch?v=4UafFZsCQLQ), deploying a static webpage on AWS S3 appeared to be quite easy. However, I am continually running into "Access Denied" errors when following tutorials, and 403 errors when trying to access my page.

403 Error when loading page

When viewing what should be my static webpage (http://watchyourinterest.live.s3-website.us-east-2.amazonaws.com), I receive a 403 error (see above image). This is after adding the following bucket policy:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "PublicReadGetObject",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::watchyourinterest.live/*"
        }
    ]
}

I have also changed all of the Public Access Settings in the permissions to False (just to make sure nothing should be restricting this, though I do plan to change them to what they should be later once I have this working).

Public Access Settings

I also made sure to set the index document correctly to my index.html page, and set the error document correctly to my error.html file as well.

When viewing tutorials, it appears that this should make my page good to go. However, as I said before, I keep getting the 403 errors. Upon further thinking, I tried to set Public Access to Everyone for all of the files, but each time I try to click the Everyone selection, I get an error that says "Access Denied".

Trying to set file to public access

Access denied error when I attempt setting public access...

Similarly, the same happens when I click on files individually and take actions on them in a different way, as is seen below:

Access denied again when trying to make public

On the main page that lists all of my buckets, I am also getting this odd "Access" state of my bucket, when I want it to be public instead of this:

"Access" state of bucket, I WANT THIS TO BE PUBLIC

Any help would be greatly appreciated!!

Upvotes: 6

Views: 19562

Answers (4)

SaraHann
SaraHann

Reputation: 109

If you have already allowed public access, then under the Permissions tab for your bucket, check the Object Ownership section. If it says "Bucket owner enforced, ACLs are disabled", click Edit. Set ACLs to enabled and Save Changes. After this, the "Make Public" option will be available for objects in the bucket.

Upvotes: 10

Patrick Lyman Old
Patrick Lyman Old

Reputation: 71

Similar to the answer explained by @Sangam Belrose, but instead this NEEDS TO BE APPLIED TO THE ENTIRE AWS CONSOLE ACCOUNT AS WELL. When these were changed, I no longer ran into my issues. Images below illustrate this:

  1. Select the "Public Access Settings for this Account" tab on the left hand side of the AWS console. Note here how originally the access for this account is only for "Only authorized users of this account".

ACCOUNT Public Access Settings

  1. Make sure that the last checkbox, the one stating "Block public and cross-account access to buckets that have public policies" is UNCHECKED.

UNCHECK THIS BOX

  1. Type confirm on when the box confirmation window appears

  2. Now see that if this AND the bucket's public access settings are set correctly, this bucket will now be public.

It is now public, woo!

Upvotes: 1

Sangam Belose
Sangam Belose

Reputation: 4506

Your root cause of the issue is public access settings on bucket level. As per screenshot, your bucket is only allowing authorized users to access whatever there is inside your bucket.

The public access settings blocks the access even if you have given the access to your bucket objects through bucket policies.

To solve the issue, Please change the public access settings as below:

  1. Click on edit public access settings, it should show below settings.

enter image description here

  1. Leave all the checkbox unchecked. click on save. It will ask for confirmation. Type "confirm" in the given box.

enter image description here

That should show the access for that bucket as public.

Now you should be able to access your website with given endpoint for static website hosting.

Upvotes: 2

marcincuber
marcincuber

Reputation: 3791

I think you may be missing list operation, try

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "PublicListObject",
                "Effect": "Allow",
                "Principal": "*",
                "Action": "s3:ListBucket",
                "Resource": "arn:aws:s3:::watchyourinterest.live"
            },
            {
                "Sid": "PublicReadGetObject",
                "Effect": "Allow",
                "Principal": "*",
                "Action": ["s3:Get*","s3:List*"]
                "Resource": ["arn:aws:s3:::watchyourinterest.live/*","arn:aws:s3:::watchyourinterest.live"]
            }
        ]
    }

Upvotes: 3

Related Questions