Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

AWS Root User Permission Denied on S3 Bucket policy

Tags:

amazon-web-services

amazon-s3

permission-denied

I created a new bucket on AWS S3 from the web wizard. I was logged in as root user

I am attempting to add a Bucket policy as follows

{
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AddPerm",
        "Effect": "Allow",
        "Principal": "*",
        "Action": [
            "s3:GetObject"
        ],
        "Resource": [
            "arn:aws:s3:::<my-bucket-name-is-here>/*"
        ]
    }]
}

I get permission denied in both the web editor and the CLI

Web tool aws admin panel error modal

CLI An error occurred (AccessDenied) when calling the PutBucketPolicy operation: Access Denied

In the IAM settings, the root user has full access

    "Statement": [
        {
            "Effect": "Allow",
            "Action": "*",
            "Resource": "*"
        }
    ]

I added

        {
            "Effect": "Allow",
            "Action": "s3:*",
            "Resource": "*"
        }

I also tried adding

        {
            "Sid": "ModifyBucketPolicy",
            "Action": [
                "s3:GetBucketPolicy",
                "s3:PutBucketPolicy"
            ],
            "Effect": "Allow",
            "Resource": "arn:aws:s3:::<MY-BUCKET-NAME>*"
        },

I still don't have permissions

like image 610
auerbachb Avatar asked Nov 09 '20 02:11

auerbachb

People also ask

Why is my S3 bucket Access Denied?

If you're getting Access Denied errors on public read requests that are allowed, check the bucket's Amazon S3 Block Public Access settings. Review the S3 Block Public Access settings at both the account and bucket level. These settings can override permissions that allow public read access.

How do I get permissions for S3 bucket?

Sign in to the AWS Management Console using the account that has the S3 bucket. Open the Amazon S3 console at https://console.aws.amazon.com/s3/ . Select the bucket that you want AWS Config to use to deliver configuration items, and then choose Properties. Choose Permissions.

How do I give permission to edit a bucket policy?

To create or edit a bucket policy In the Buckets list, choose the name of the bucket that you want to create a bucket policy for or whose bucket policy you want to edit. Choose Permissions. Under Bucket policy, choose Edit. This opens the Edit bucket policy page.

1 Answers

Thanks to @JohnRotenstein I see that because I accepted the default "Block All Public Access" from AWS I was unable to edit the bucket policy. This makes sense, since the bucket policy can also control access and could thus conflict.

However, the error message is confusing since it makes no mention of the fact that it is the Block public access (bucket settings) that prevented updating. The error message stating access denied / you don't have permissions made me think it was the IAM settings on my user that were preventing me from modifying the resource.

like image 92
auerbachb Avatar answered Sep 28 '22 05:09

auerbachb
Sign in to Comment

Related questions

wget a raw file from Github from a private repo
How to enable CORS for a local file that references a hosted ASP.NET Web API that is hosted on Amazon AWS
Setting environmental variables with !Ref in AWS SAM?
Why use SNS to trigger a lambda function, and not API gateway?
How to change data type of column in DynamoDb?
NodeJS not installed successfully in AWS EC2 inside User-data
How to get an AWS SSM Key Arn from an Alias using CloudFormation?
AWS ECS unable to place a task because no container instance met all of its requirements
Step Functions AWS SAM CLI Local Connection Refused Error
Missing DNS validation record when using terraform aws_acm_certificate_validation
How to correctly return binary file (image) from lambda through API gateway
How to delete database with AWS Database Deletion Protection
`aws secretsmanager list-secrets` command to return secrets and filter them by tag
S3 bucket global uniqueness
Use a clientId without a client secret
Missing aws-exports.js always when building AWS Amplify React app with Amplify integrations
AWS Lambda function can't invoke another Lambda function in the same VPC
Standard formula to determine or calculate Cidr for VPC in AWS [closed]
How to add a Redrive policy to an SNS with an encrypted DLQ
How to enable HTTPS for Elastic Beanstalk url

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!