Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Amazon S3 bucket returning 403 Forbidden

I've recently inherited a Rails app that uses S3 for storage of assets. I have transferred all assets to my S3 bucket with no issues. However, when I alter the app to point to the new bucket I get 403 Forbidden Status.

My S3 bucket is set up with the following settings:

Permissions

Everyone can list

Bucket Policy

{  "Version": "2012-10-17",  "Statement": [     {         "Sid": "PublicReadGetObject",         "Effect": "Allow",         "Principal": "*",         "Action": "s3:GetObject",         "Resource": "arn:aws:s3:::bucketname/*"     }  ] } 

CORS Configuration

<?xml version="1.0" encoding="UTF-8"?> <CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">     <CORSRule>         <AllowedOrigin>*</AllowedOrigin>         <AllowedMethod>GET</AllowedMethod>         <MaxAgeSeconds>3000</MaxAgeSeconds>     </CORSRule>     <CORSRule>         <AllowedOrigin>https://www.appdomain.com</AllowedOrigin>         <AllowedMethod>PUT</AllowedMethod>         <AllowedMethod>POST</AllowedMethod>         <AllowedMethod>DELETE</AllowedMethod>         <AllowedHeader>*</AllowedHeader>     </CORSRule> </CORSConfiguration> 

Static Web Hosting

Enabled.

What else can I do to allow the public to reach these assets?

like image 986
thatgibbyguy Avatar asked Nov 01 '14 17:11

thatgibbyguy


People also ask

Why is my S3 bucket Access Denied?

If you're getting Access Denied errors on public read requests that are allowed, check the bucket's Amazon S3 Block Public Access settings. Review the S3 Block Public Access settings at both the account and bucket level. These settings can override permissions that allow public read access.

Why am I getting HTTP 403 Forbidden error on AWS S3 bucket?

Verify that the AWS Identity and Access Management (IAM) user or role that you're using has permissions for the s3:PutObject action on the bucket. Without this permission, you get an HTTP 403 Forbidden error.

How do I troubleshoot Amazon S3 bucket access denied errors?

Review the IAM permissions boundaries that are set on the IAM identities that are trying to access the bucket. Confirm that the IAM permissions boundaries allow access to Amazon S3. If your users are getting Access Denied errors on public read requests that should be allowed, check the bucket's Amazon S3 block public access settings.

What permissions do I need to access an S3 bucket?

In addition, during the upload, if we try to modify the object’s ACL, the IAM user or role must have permissions for the s3:PutObjectAcl action. We need permission to access an S3 bucket that uses default encryption with a custom AWS KMS key. To get the permission, a key administrator must grant it on the key policy.

How do I block public access to Amazon S3?

Amazon S3 Block Public Access can apply to individual buckets or AWS accounts. Review the credentials that your users have configured to access Amazon S3. AWS SDKs and the AWS CLI must be configured to use the credentials of the IAM user or role with access to your bucket.


1 Answers

I know this is an old thread, but I just encountered the same problem. I had everything working for months and it just suddenly stopped working giving me a 403 Forbidden error. It turns out the system clock was the real culprit. I think s3 uses some sort of time-based token that has a very short lifespan. And in my case I just ran:

ntpdate pool.ntp.org 

And the problem went away. I'm running CentOS 6 if it's of any relevance. This was the sample output:

19 Aug 20:57:15 ntpdate[63275]: step time server ip_address offset 438.080758 sec 

Hope in helps!

like image 123
Sthe Avatar answered Sep 24 '22 19:09

Sthe