Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Amazon s3 – 403 Forbidden with Correct Bucket Policy

Tags:

permissions

amazon-web-services

amazon-s3

s3cmd

I'm trying to make all of the images I've stored in my s3 bucket publicly readable, using the following bucket policy. 

{
"Id": "Policy1380877762691",
"Statement": [
    {
        "Sid": "Stmt1380877761162",
        "Action": [
            "s3:GetObject"
        ],
        "Effect": "Allow",
        "Resource": "arn:aws:s3:::<bucket-name>/*",
        "Principal": {
            "AWS": [
                "*"
            ]
        }
    }
]

}

I have 4 other similar s3 buckets with the same bucket policy, but I keep getting 403 errors.

The images in this bucket were transferred using s3cmd sync as I'm trying to migrate the contents of the bucket to a new account.

The only difference that I can see is that

  1. i'm using an IAM user with admin access, instead of the root user
  2. the files dont have a "grantee : everyone open/download file" permission on each of the files, something the files had in the old bucket
like image 442
Seán O'Grady Avatar asked Jul 23 '15 16:07

Seán O'Grady

3 Answers

If you want everyone to access your S3 objects in the bucket, the principal should be "*", i.e., like this:

{
"Id": "Policy1380877762691",
"Statement": [
    {
        "Sid": "Stmt1380877761162",
        "Action": [
            "s3:GetObject"
        ],
        "Effect": "Allow",
        "Resource": "arn:aws:s3:::<bucket-name>/*",
        "Principal": "*"
        }
    }
]

}

Source: http://docs.aws.amazon.com/IAM/latest/UserGuide/AccessPolicyLanguage_ElementDescriptions.html#Principal

like image 161
Markus Klems Avatar answered Oct 19 '22 02:10

Markus Klems

I've managed to solve it by running the s3cmd command again but adding --acl-public to the end of it. Seems to have fixed my issue

like image 2
Seán O'Grady Avatar answered Oct 19 '22 03:10

Seán O'Grady

I Know this is an old question, but for whoever is having this issue and working from the AWS Console. Go to the bucket in AWS S3 console:

  1. Open the permissions tab.
  2. Open Public Access settings.
  3. Click edit

enter image description here

Then in the editing page :

  1. Uncheck Block new public bucket policies (Recommended)
  2. Uncheck Block public and cross-account access if bucket has public policies (Recommended)
  3. Click save

enter image description here

CAUTION

PLEASE NOTE THAT THIS WILL MAKE YOUR BUCKET ACCESSIBLE BY ANYONE ON THE INTERNET, EVENT IF THEY DO NOT HAVE AN AWS ACCOUNT, THEY STILL CAN ACCESS THE BUCKET AND THE BUCKET'S CONTENTS. PLEASE HANDLE WITH CAUTION!

like image 1
Ahmad Hajjar Avatar answered Oct 19 '22 01:10

Ahmad Hajjar
Sign in to Comment

Related questions

How to implement custom AWSCredentialsProvider
Uploading multiple files to Amazon S3 from PHP
Amazon S3 SDK for java - configure TLSv1.2
Disconnect all user connections on an RDS Oracle DB
AWS authentication requires a valid Date or x-amz-date header curl
AWS for user management
Amazon s3 and node js video streaming and thumbnail?
How can I check that a AWS S3 bucket exists?
Difference between HTTP Authorization header and Query string parameters
Updating AWS S3 expiration time
Amazon Elasticache Redis cluster - Can't get Endpoint
AWS Lambda copyObject "Process exited before completing request"
Unable to access files from public s3 bucket with boto
Restore object from AWS Glacier to S3
sending sms from java web app using aws sns
How do I look up a cognito user by their sub/UUID?
The difference between AWS Amplify and amazon-cognito-identity-js?
Does generating a pre-signed URL to an S3 object using the AWS SDK cost anything?
Does API Gateway automatically validate input model?
Cannot create only IAM policy with cloudformation

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!