Reputation: 1
I am trying to grant read only access to an anonymous user when I am hit with an "Access denied" error even though it is my bucket and I have all perms.
I have tried editing the principal to look like this:
"Principal": {
"AWS": [
"arn:aws:iam::123123123123:user/myuid"
]
but then I get an incomplete json error.
This is the one Amazon uses as it example which,I have edited to cater to me:
{
"Version":"2012-10-17",
"Statement":[
{
"Sid":"AddPerm",
"Effect":"Allow",
"Principal": "*",
"Action":["s3:GetObject"],
"Resource":["arn:aws:s3:::examplebucket/*"]
}
]
}
It should make the bucket public so all can view my website but, that isn't happening because of the access denied.
Upvotes: 0
Views: 316
Reputation: 270224
If you wish to grant access to a specific IAM User, then you should add a policy to that IAM User (without using a Bucket Policy).
If you wish to grant access to "anyone" (without authentication), then you should create a Bucket Policy such as:
{
"Version":"2012-10-17",
"Statement":[
{
"Sid":"AddPerm",
"Effect":"Allow",
"Principal": "*",
"Action":["s3:GetObject"],
"Resource":["arn:aws:s3:::examplebucket/*"]
}
]
}
Also, be sure to turn off Amazon S3 Block Public Access otherwise you will receive an Access Denied
error when trying to access content.
Upvotes: 1
Reputation: 938
You IAM policy for should have s3:GetBucketPolicy and s3:PutBucketPolicy
set as permission actions on the IAM account.
Your policy should look like this:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "ExampleStmt",
"Action": [
"s3:GetBucketPolicy",
"s3:PutBucketPolicy"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::awsexamplebucket/*"
}
]
}
You can view a trouble shooting doc here: https://aws.amazon.com/premiumsupport/knowledge-center/s3-access-denied-bucket-policy/
Upvotes: 0