J. Doe
Reputation: 671
AWS presigned URL getting access denied
I'm trying to download a file from a pre-signed URL but it seems like something is going wrong somewhere because I am getting access denied. I'm guessing it's the permissions that is incorrect but I don't understand what the incorrect part is.
serverless.yml:
iam:
role:
statements:
- Effect: 'Allow'
Action:
- 's3:GetObject'
- 's3:PutObject'
- 's3:ListObject'
- 's3:CreateBucket'
Resource:
- "arn:aws:s3:::my_bucket/*"
- "arn:aws:s3:::my_bucket"
- "arn:aws:s3:::*"
Creating the pre-signed url in a lambda:
def get_presigned_url(key, file):
s3 = boto3.client('s3')
key = f'{key}/{file}'
presigned_url = s3.generate_presigned_url(
ClientMethod='get_object',
Params={
'Bucket': 'my_bucket',
'Key': key,
},
)
return presigned_url
The subfolder in the bucket contains '@' but it gets urlencoded to '%40', could that be a reason? Thanks!
Upvotes: 1
Views: 539
Answers (2)
J. Doe
Reputation: 671
Answer: the file was in a subfolder that contained @, which was url encoded to %40. Had to rename the subfolder
Upvotes: 2
r_dmr
Reputation: 193
In Serverless.yml file, Under the provider section, you should write permission like this:
iamRoleStatements:
- Effect: Allow
Action:
- "ssm:GetParameter*"
Resource: "*"
- Effect: Allow
Action:
- s3:*
Resource:
- "*"
Hope, this helps
Upvotes: 0
Related Questions
- Why do I get "Access Denied" when an S3 presigned URL was successfully generated?
- S3 getObject Pre-signed url generated from lambda not working
- Lambda / Pre-signed url access denied
- AWS CLI Can List S3 Bucket But Access Denied For Python Lambda
- Testing a AWS S3 Presigned Url returns 403 Forbidden (Nodejs)
- AWS S3 & Serverless - Access Denied when using PUT presigned URL
- S3 Object upload to a private bucket using a pre-signed URL result in Access denied
- AWS S3 PreSignedURL Lambda Function Test Error
- Access Denied Signed URL Python3 using cloud front
- Error trying to access S3 from lambda(python)