Reputation: 2353
AWS S3 AccessDenied. Bucket permissions are granted, so do I need Bucket Policy when I am the user?
When I test an upload of an image to my S3 bucket I get an AWS::S3::AccessDenied (using Ruby on Rails). The code is using my own security key and secret code to my own bucket, on which I have all permission granted to myself (List,Upload/Delete,View Permissions,Edit Permission).
Do I also need to set ACL permission by entering a Bucket Policy? I don't understand why this would be necessary because my code uses my own account key to access S3. Also, the images are displaying fine on my site so there seems to be no problem with read permissions.
Upvotes: 3
Views: 10905
Answers (1)
Reputation: 7200
You don't need any policies at all set on the bucket, and should remove them, at least to get things running. Don't need any ACLs set either.
The AWS ID + secret for an account holder can access everything in a bucket without any ACL or policy set.
Once you get it working you might want to use amazon IAM to create a 'user' with lower amounts of access than the full account holder, and use that user's credentials in your ruby code to handle uploads.
I see that you want the uploaded images to have public read, to do this you need a policy or ACL, but that should not interfere with uploading. You can open up some read only access later.
Also try those AWS key and secret in a tool like Cyberduck, etc to see if its your ruby code or the IDs.
Upvotes: 5
Related Questions
- S3 bucket policy: allow full access to a bucket and all its objects
- aws s3 bucket policy
- AWS S3 Bucket Policy: How to grant access to EC2 instance?
- AWS: What is the relationship between S3 bucket policies and user policies?
- Why does Amazon S3 evaluates bucket policy even when requester is the bucket owner?
- AWS S3 bucket policy
- S3 Principal Bucket Policy Permissions
- Setting policy for S3 bucket for authorized users
- AWS S3: user policy for specifc bucket
- AWS S3 Policy for authenticated users