I'v got user with all permissions.
{ "Statement": [ { "Effect": "Allow", "Action": "*", "Resource": "*" } ] }
I'm using aws-sdk-php-2 to put and copy objects in bucket.
http://docs.aws.amazon.com/aws-sdk-php-2/latest/class-Aws.S3.S3Client.html
Put code works perfect
$client->putObject(array( 'Bucket' => 'kiosk', 'Key' => 'test/orders/test.csv', 'SourceFile' => $sourcePath, ));
After check if object created on S3 via https://console.aws.amazon.com/s3 I'm executing next script.
$result = $client->copyObject(array( 'Bucket' => 'kiosk', 'CopySource' => 'test/orders/test.csv', 'Key' => 'test/test.csv', ));
And I'm getting fatal error:
Fatal error: Uncaught Aws\S3\Exception\S3Exception: AWS Error Code: AllAccessDisabled, Status Code: 403, AWS Request ID: XXX, AWS Error Type: client, AWS Error Message: All access to this object has been disabled, User-Agent: aws-sdk-php2/2.2.1 Guzzle/3.3.1 curl/7.19.7 PHP/5.4.13 thrown in phar:///usr/share/pear/AWSSDKforPHP/aws.phar/src/Aws/Common/Exception/NamespaceExceptionFactory.php on line 89
After upload file manually console.aws.amazon.com/s3 I see different error when trying to copy:
Fatal error: Uncaught Aws\S3\Exception\AccessDeniedException: AWS Error Code: AccessDenied, Status Code: 403, AWS Request ID: XXX, AWS Error Type: client, AWS Error Message: Access Denied, User-Agent: aws-sdk-php2/2.2.1 Guzzle/3.3.1 curl/7.19.7 PHP/5.4.13 thrown in phar:///usr/share/pear/AWSSDKforPHP/aws.phar/src/Aws/Common/Exception/NamespaceExceptionFactory.php on line 89
I also try to set permissions on file and folder via console.aws.amazon.com/s3
: Grantee: Everyone, Open/Download and View Permission and Edit Permission
But still same error.
To run the command aws s3 cp with the --recursive option, you need permission to s3:GetObject, s3:PutObject, and s3:ListBucket. To run the command aws s3 sync, then you need permission to s3:GetObject, s3:PutObject, and s3:ListBucket.
Open the Amazon S3 console at https://console.aws.amazon.com/s3/ . Select the bucket that you want AWS Config to use to deliver configuration items, and then choose Properties. Choose Permissions. Choose Edit Bucket Policy.
S3 is not a standard Linux file system and thus cannot preserve Linux file permissions.
I know this is an old question, but I ran into the same issue recently while doing work on a legacy project.
$this->client->copyObject([ 'Bucket' => $this->bucket, 'CopySource' => $file, 'Key' => str_replace($source, $destination, $file), ]);
All of the my other S3 calls worked except for copyObject
continued to throw an ACCESS DENIED error. After some digging, I finally figured out why.
I was passing just the key and making the assumption that the bucket being passed was what both the source and destination would use. Turns out that is an incorrect assumption. The source must have the bucket name prefixed.
Here was my solution:
$this->client->copyObject([ 'Bucket' => $this->bucket, // Added the bucket name to the copy source 'CopySource' => $this->bucket.'/'.$file, 'Key' => str_replace($source, $destination, $file), ]);
It says "Access Denied" because it thinks the first part of your key/folder is actually the name of the bucket which either doesn't exist or you really don't have access to.
Hope that helps a few people out!
Found out what the issue is here; being an AWS newbie I struggled here for a bit until I realized that each policy for the users you set needs to clearly allow the service you're using.
In this case I hadn't set the user to be allowed into S3.
Goto IAM then goto Users and click on the particular user that has the credentials you're using. From there goto Permissions tab, then click on Attach User Policy and find the S3 policy under select policy template. This should fix your problem.
Hope that helps!
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With