Reputation: 275
We have an application that writes files to an Amazon S3 bucket. I am not able to download or copy the files to a different bucket. I am getting an access denied error. The owner of the file is someone else but the bucket is owned by us. That person is not accessible and is not in the organization. How do I access the files and change the access permission or change the owner of the files?
I tried copying the objects from the source bucket to the destination bucket but got Error 403.
Here is the bucket policy:
{
    "Version": "2012-10-17",
    "Id": "abcd",
    "Statement": [
        {
            "Sid": "abcd",
            "Effect": "Allow",
            "Principal": {
                "AWS": [
                    "arn:aws:iam::123456789012:user/xxx"
                ]
            },
            "Action": [
                "s3:GetObject",
                "s3:GetBucketLocation",
                "s3:ListBucket",
                "s3:PutObject",
                "s3:PutObjectAcl"
            ],
            "Resource": [
                "arn:aws:s3:::xyz/*",
                "arn:aws:s3:::xyz"
            ]
        }
    ]
}
Expected: I want to move these files to a different bucket or download these files. It is giving the error Access denied 403.
Upvotes: 0
Views: 1378
Reputation: 78803
The uploader of the files needs to grant full control over the objects to the bucket owner.
How you do this depends on which tool or SDK you are using to upload files. For example, if you are using the awscli then you would append --acl bucket-owner-full-control to the aws s3 cp command.
As an S3 bucket owner, you can require uploaders to give you full control by specifying an appropriate S3 bucket policy.
Note that giving the bucket owner full control does not make the bucket owner the owner of the objects. They are still owned by the uploader. However, if the bucket owner has full control and wants ownership, then the bucket owner can simply copy each file over itself, and that will transfer the ownership.
Upvotes: 2
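A bucket policy of the kind the answer describes, shown as an added example that is not part of the original posts: it keeps the question's Allow statement and adds a Deny on uploads that do not carry the bucket-owner-full-control ACL. The bucket name and principal ARN are the placeholders from the question; the Id and Sid values are made up for this example.

```json
{
    "Version": "2012-10-17",
    "Id": "ExampleRequireOwnerControl",
    "Statement": [
        {
            "Sid": "ExampleAllowUploader",
            "Effect": "Allow",
            "Principal": {
                "AWS": [
                    "arn:aws:iam::123456789012:user/xxx"
                ]
            },
            "Action": [
                "s3:GetObject",
                "s3:GetBucketLocation",
                "s3:ListBucket",
                "s3:PutObject",
                "s3:PutObjectAcl"
            ],
            "Resource": [
                "arn:aws:s3:::xyz/*",
                "arn:aws:s3:::xyz"
            ]
        },
        {
            "Sid": "ExampleDenyUploadWithoutOwnerFullControl",
            "Effect": "Deny",
            "Principal": {
                "AWS": [
                    "arn:aws:iam::123456789012:user/xxx"
                ]
            },
            "Action": "s3:PutObject",
            "Resource": "arn:aws:s3:::xyz/*",
            "Condition": {
                "StringNotEquals": {
                    "s3:x-amz-acl": "bucket-owner-full-control"
                }
            }
        }
    ]
}
```

Because StringNotEquals also matches when the x-amz-acl header is absent, an upload without --acl bucket-owner-full-control is rejected with 403. The Deny applies only to new uploads and does not change the ACLs of objects already in the bucket.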