I tried uploading to S3, and when I look at the S3 bucket logs this is what they say:
mybucket-me [17/Oct/2013:08:18:57 +0000] 120.28.112.39
arn:aws:sts::778671367984:federated-user/[email protected] BB3AA9C408C0D26F
REST.POST.BUCKET avatars/dean%2540player.com/4.png "POST / HTTP/1.1" 403
AccessDenied 231 - 132 - "http://localhost:8080/ajaxupload/test.html" "Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.52 Safari/537.17" -
I got an access denied. From where it's pointing, I think the only thing I'm missing is adding a bucket policy. So here goes.
Using my email I can log in to my app and upload an avatar. The bucket where I want to put my avatar is named mybucket-me, and in it there is a sub bucket named avatars.
-mybucket-me
  -avatars
    [email protected] //dynamic based on who is logged in
      -myavatar.png //image uploaded
How do I add a bucket policy that grants a federated user such as me permission to upload to S3? Or, what is the correct statement to add to my bucket policy so that it grants me permission to upload into our bucket?
Short description. The "403 Access Denied" error can occur due to the following reasons: Your AWS Identity and Access Management (IAM) user or role doesn't have permissions for both s3:GetBucketPolicy and s3:PutBucketPolicy.
You can use the NotPrincipal element of an IAM or S3 bucket policy to limit resource access to a specific set of users. This element allows you to block all users who are not defined in its value array, even if they have an Allow in their own IAM user policies.
You now either have to:
acl: 'private'
when uploading your image if your items are private
Example in Node.js:
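// multer-s3 v3 takes an AWS SDK v3 client (multer-s3 v2 takes an aws-sdk v2 `new AWS.S3()` instead)
const multer = require('multer');
const multerS3 = require('multer-s3');
const { S3Client } = require('@aws-sdk/client-s3');

// Region and credentials are read from the environment
const s3 = new S3Client({});

const upload = multer({
  storage: multerS3({
    s3: s3,
    bucket: 'moodboard-img',
    acl: 'private', // uploaded objects are stored with the private canned ACL
    metadata: function (req, file, cb) {
      cb(null, { fieldName: file.fieldname });
    },
    // Object key: the upload timestamp
    key: function (req, file, cb) {
      cb(null, Date.now().toString());
    }
  })
});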
To upload to an S3 bucket, you need to add/create an IAM/group policy, for example:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["s3:ListBucket"],
      "Resource": ["arn:aws:s3:::test"]
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:DeleteObject"
      ],
      "Resource": ["arn:aws:s3:::test/*"]
    }
  ]
}
Where arn:aws:s3:::test is your Amazon Resource Name (ARN).
Source: Writing IAM Policies: How to Grant Access to an Amazon S3 Bucket
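To see which principal, operation and object a policy statement has to cover, the denied entries can be pulled out of the bucket access log. The JavaScript below is an added example, not code from the original posts; the sample log lines, bucket name, account ID and user name are constructed, and the field order after the timestamp is assumed to match the log line quoted in the question.

```javascript
// Added example: list 403 AccessDenied requests from S3 server access log text.
// Assumption: fields after the [timestamp] follow the order seen in the question's log line.
const FIELDS = ['remoteIp', 'requester', 'requestId', 'operation', 'key',
                'requestUri', 'status', 'errorCode'];

// Split on whitespace, keeping [bracketed] and "quoted" fields as single tokens.
function tokenize(line) {
  return line.match(/\[[^\]]*\]|"[^"]*"|\S+/g) || [];
}

function parseAccessLog(line) {
  const tokens = tokenize(line);
  const t = tokens.findIndex(tok => tok.startsWith('[')); // timestamp position
  // The bucket name precedes the timestamp; short or malformed lines are skipped.
  if (t < 1 || tokens.length < t + 1 + FIELDS.length) return null;
  const rec = { bucket: tokens[t - 1], time: tokens[t].slice(1, -1) };
  FIELDS.forEach((name, i) => {
    rec[name] = tokens[t + 1 + i].replace(/^"|"$/g, '');
  });
  rec.status = Number(rec.status);
  return rec;
}

// For each denied request, report the principal, the operation and the resource ARN.
function deniedRequests(logText) {
  return logText.split('\n')
    .map(parseAccessLog)
    .filter(r => r && r.status === 403 && r.errorCode === 'AccessDenied')
    .map(r => ({
      principal: r.requester,
      operation: r.operation,
      // "-" means the request had no object key; the key is kept as logged.
      resource: `arn:aws:s3:::${r.bucket}` + (r.key === '-' ? '' : `/${r.key}`),
    }));
}

// Constructed sample input: one denied POST upload, one successful GET, one junk line.
const SAMPLE_LOG = [
  'example-bucket [17/Oct/2013:08:18:57 +0000] 192.0.2.10 arn:aws:sts::111122223333:federated-user/alice EXAMPLEREQID0001 REST.POST.BUCKET avatars/alice/4.png "POST / HTTP/1.1" 403 AccessDenied 231 - 132 - "http://localhost:8080/ajaxupload/test.html" "Mozilla/5.0 (X11; Linux i686)" -',
  'example-bucket [17/Oct/2013:08:19:02 +0000] 192.0.2.10 arn:aws:sts::111122223333:federated-user/alice EXAMPLEREQID0002 REST.GET.OBJECT avatars/alice/3.png "GET /avatars/alice/3.png HTTP/1.1" 200 - 2048 2048 20 19 "-" "Mozilla/5.0 (X11; Linux i686)" -',
  'truncated line',
].join('\n');

console.log(deniedRequests(SAMPLE_LOG));
```

The `principal` and `resource` values in the output are the ones to compare against the `Principal` and `Resource` elements of the policy being written.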