Reputation: 2975
I have two accounts, A and B. A has an S3 bucket, B has a Lambda function which sends a CSV to the S3 bucket in account A. I am creating these resources using Terraform.
After I log in to Account A, I am able to see the file added, but not able to Download or Open the file; it says Access Denied. I see the below in the Properties section of the file.
I did not add any encryption to the file or bucket.
Upvotes: 1
Views: 670
Reputation: 51644
By default, an S3 object is owned by the AWS account that uploaded it. This is true even when the bucket is owned by another account. To get access to the object, the object owner must explicitly grant you (the bucket owner) access.
The object owner can grant the bucket owner full control of the object by updating the access control list (ACL) of the object. The object owner can update the ACL either during a put or copy operation, or after the object is added to the bucket.
Please refer to this guide in order to resolve this issue and apply the required permissions.
It also links to a description of how to use a bucket policy to ensure that any objects uploaded to your bucket by another account set the ACL as "bucket-owner-full-control".
Upvotes: 2
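A Terraform sketch of the bucket policy the answer above describes, for account A's side. This is an added example, not taken from the answer or the linked guide; the resource names, the bucket name and the account ID are placeholders.

```hcl
variable "uploader_account_id" {
  description = "Account B, which owns the Lambda function (placeholder value)"
  type        = string
  default     = "111111111111"
}

resource "aws_s3_bucket" "reports" {
  bucket = "example-account-a-reports" # constructed name
}

data "aws_iam_policy_document" "cross_account_upload" {
  # Let account B write objects and set their ACL at upload time.
  statement {
    sid       = "AllowAccountBPut"
    effect    = "Allow"
    actions   = ["s3:PutObject", "s3:PutObjectAcl"]
    resources = ["${aws_s3_bucket.reports.arn}/*"]

    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::${var.uploader_account_id}:root"]
    }
  }

  # Reject any upload from account B that does not grant the bucket owner full control.
  statement {
    sid       = "DenyPutWithoutBucketOwnerFullControl"
    effect    = "Deny"
    actions   = ["s3:PutObject"]
    resources = ["${aws_s3_bucket.reports.arn}/*"]

    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::${var.uploader_account_id}:root"]
    }

    condition {
      test     = "StringNotEquals"
      variable = "s3:x-amz-acl"
      values   = ["bucket-owner-full-control"]
    }
  }
}

resource "aws_s3_bucket_policy" "reports" {
  bucket = aws_s3_bucket.reports.id
  policy = data.aws_iam_policy_document.cross_account_upload.json
}
```

With this policy in place, the Lambda function in account B has to send `x-amz-acl: bucket-owner-full-control` on its upload (the `ACL` parameter of `put_object` in boto3), and its execution role needs `s3:PutObject` and `s3:PutObjectAcl` on the bucket. Objects uploaded before the change keep their original ACL until account B updates it.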