Tropixz

Reputation: 1

I get the error "Access denied" even though I own the bucket and have all perms

I am trying to grant read-only access to an anonymous user when I am hit with an "Access denied" error even though it is my bucket and I have all perms.

I have tried editing the principal to look like this:

"Principal": {
        "AWS": [
            "arn:aws:iam::123123123123:user/myuid"
        ]

but then I get an incomplete json error.

This is the one Amazon uses as its example, which I have edited to cater to me:

{
  "Version":"2012-10-17",
  "Statement":[
    {
      "Sid":"AddPerm",
      "Effect":"Allow",
      "Principal": "*",
      "Action":["s3:GetObject"],
      "Resource":["arn:aws:s3:::examplebucket/*"]
    }
  ]
} 

It should make the bucket public so all can view my website, but that isn't happening because of the access denied.

Upvotes: 0

Views: 316

Answers (2)

John Rotenstein

Reputation: 270224

If you wish to grant access to a specific IAM User, then you should add a policy to that IAM User (without using a Bucket Policy).

If you wish to grant access to "anyone" (without authentication), then you should create a Bucket Policy such as:

{
  "Version":"2012-10-17",
  "Statement":[
    {
      "Sid":"AddPerm",
      "Effect":"Allow",
      "Principal": "*",
      "Action":["s3:GetObject"],
      "Resource":["arn:aws:s3:::examplebucket/*"]
    }
  ]
}

Also, be sure to turn off Amazon S3 Block Public Access, otherwise you will receive an Access Denied error when trying to access content.

Upvotes: 1

matoneski

Reputation: 938

Your IAM policy should have s3:GetBucketPolicy and s3:PutBucketPolicy set as permission actions on the IAM account.

Your policy should look like this:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ExampleStmt",
      "Action": [
        "s3:GetBucketPolicy",
        "s3:PutBucketPolicy"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::awsexamplebucket"
    }
  ]
}

You can view a troubleshooting doc here: https://aws.amazon.com/premiumsupport/knowledge-center/s3-access-denied-bucket-policy/

Upvotes: 0
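
An added example, not part of any answer above: an offline check of a policy document against the Block Public Access flags and against the ARN form (bucket or object) each action applies to. The `diagnose` helper, the action subsets and the simplified "public" test are assumptions made for illustration; the sample policy is constructed from the one in the thread.

```python
import json

# Constructed sample: the public-read bucket policy discussed in the thread.
POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "AddPerm", "Effect": "Allow", "Principal": "*",
    "Action": ["s3:GetObject"],
    "Resource": ["arn:aws:s3:::examplebucket/*"]
  }]
}""")

# Subset of S3 actions grouped by the resource type they apply to (not exhaustive).
OBJECT_ACTIONS = {"s3:GetObject", "s3:PutObject", "s3:DeleteObject"}
BUCKET_ACTIONS = {"s3:ListBucket", "s3:GetBucketPolicy", "s3:PutBucketPolicy"}

def as_list(value):
    return value if isinstance(value, list) else [value]

def is_public(stmt):
    """Simplified test (assumption): Allow + wildcard principal + no Condition."""
    p = stmt.get("Principal")
    wildcard = p == "*" or (isinstance(p, dict) and "*" in as_list(p.get("AWS", [])))
    return stmt.get("Effect") == "Allow" and wildcard and "Condition" not in stmt

def diagnose(policy, bpa):
    """Return findings that explain likely Access Denied causes.
    bpa: dict holding the Block Public Access flags for the bucket/account."""
    findings = []
    stmts = as_list(policy["Statement"])
    if any(is_public(s) for s in stmts):
        if bpa.get("BlockPublicPolicy"):
            findings.append("BlockPublicPolicy: saving this public policy is rejected")
        if bpa.get("RestrictPublicBuckets"):
            findings.append("RestrictPublicBuckets: anonymous requests are denied")
    for s in stmts:
        for action in as_list(s.get("Action", [])):
            for res in as_list(s.get("Resource", [])):
                # Look only at the part after the 'arn:aws:s3:::' prefix.
                is_object_arn = "/" in res.split(":::", 1)[-1]
                if action in OBJECT_ACTIONS and not is_object_arn:
                    findings.append(f"{action} needs an object ARN, got {res}")
                if action in BUCKET_ACTIONS and is_object_arn:
                    findings.append(f"{action} needs a bucket ARN, got {res}")
    return findings
```

Feed it the flags reported for the bucket and the account; an empty list means neither of the two causes covered here applies.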
