I am trying to give myself permission to download existing files in an S3 bucket. I've modified the Bucket Policy, as follows: <pre class="prettyprint"><code> { "Sid": "someSID", "Action": "s3:*", "Effect": "Allow", "Resource": "arn:aws:s3:::bucketname/AWSLogs/123123123123/*", "Principal": { "AWS": [ "arn:aws:iam::123123123123:user/myuid" ] } } </code></pre> My understanding is that addition to the policy should give me full rights to "bucketname" for my account "myuid", including all files that are already in that bucket. However, I'm still getting Access Denied errors when I try to download any of those files via the link that comes up in the console. Any thoughts?

Step 1 Click on your bucket name, and under the permissions tab, make sure that Block new public bucket policies is unchecked <img src="https://i.stack.imgur.com/HRCwX.png" alt="enter image description here"> Step 2 Then you can apply your bucket policy <img src="https://i.stack.imgur.com/XPXLn.png" alt="enter image description here"> Hope that helps

David, You are right but I found that, in addition to what bennie said below, you also have to grant view (or whatever access you want) to 'Authenticated Users'. <img src="https://i.stack.imgur.com/OfY9p.png" alt="enter image description here"> But a better solution might be to edit the user's policy to just grant access to the bucket: <pre class="prettyprint"><code>{ "Statement": [ { "Sid": "Stmt1350703615347", "Action": [ "s3:*" ], "Effect": "Allow", "Resource": [ "arn:aws:s3:::mybucket/*" ] }, { "Effect": "Allow", "Action": [ "s3:ListBucket" ], "Resource": ["arn:aws:s3:::mybucket"], "Condition": {} } ] } </code></pre> The first block grants all S3 permissions to all elements within the bucket. The second block grants list permission on the bucket itself.

AWS S3 Bucket Permissions

I am trying to give myself permission to download existing files in an S3 bucket. I've modified the Bucket Policy, as follows:

        {         "Sid": "someSID",         "Action": "s3:*",         "Effect": "Allow",         "Resource": "arn:aws:s3:::bucketname/AWSLogs/123123123123/*",         "Principal": {             "AWS": [                 "arn:aws:iam::123123123123:user/myuid"             ]         }     }

My understanding is that addition to the policy should give me full rights to "bucketname" for my account "myuid", including all files that are already in that bucket. However, I'm still getting Access Denied errors when I try to download any of those files via the link that comes up in the console.

Any thoughts?

Why is S3 object URL Access Denied?

If you're trying to host a static website using Amazon S3, but you're getting an Access Denied error, check the following requirements: Objects in the bucket must be publicly accessible. S3 bucket policy must allow access to the s3:GetObject action. The AWS account that owns the bucket must also own the object.

Why am I getting an access denied error from the Amazon S3 console when I try to modify a bucket policy?

Short description. The "403 Access Denied" error can occur due to the following reasons: Your AWS Identity and Access Management (IAM) user or role doesn't have permissions for both s3:GetBucketPolicy and s3:PutBucketPolicy.

How do I deny access to an S3 bucket?

You can use the NotPrincipal element of an IAM or S3 bucket policy to limit resource access to a specific set of users. This element allows you to block all users who are not defined in its value array, even if they have an Allow in their own IAM user policies.

Step 1

Click on your bucket name, and under the permissions tab, make sure that Block new public bucket policies is unchecked

enter image description here

Step 2

Then you can apply your bucket policy enter image description here

Hope that helps

David, You are right but I found that, in addition to what bennie said below, you also have to grant view (or whatever access you want) to 'Authenticated Users'. enter image description here

But a better solution might be to edit the user's policy to just grant access to the bucket:

{    "Statement": [     {       "Sid": "Stmt1350703615347",       "Action": [         "s3:*"       ],       "Effect": "Allow",       "Resource": [         "arn:aws:s3:::mybucket/*"       ]     },     {       "Effect": "Allow",       "Action": [         "s3:ListBucket"       ],       "Resource": ["arn:aws:s3:::mybucket"],       "Condition": {}     }   ] }

The first block grants all S3 permissions to all elements within the bucket. The second block grants list permission on the bucket itself.

AWS S3 Bucket Permissions - Access Denied

Tags:

amazon-web-services

amazon-s3

David

People also ask

2 Answers

accimeesterlin

Karl Wilbur

Recent Activity

Donate For Us