AWS S3 Bucket Permissions - Access Denied

Question

I am trying to give myself permission to download existing files in an S3 bucket. I've modified the Bucket Policy, as follows:

        {         "Sid": "someSID",         "Action": "s3:*",         "Effect": "Allow",         "Resource": "arn:aws:s3:::bucketname/AWSLogs/123123123123/*",         "Principal": {             "AWS": [                 "arn:aws:iam::123123123123:user/myuid"             ]         }     } 

My understanding is that addition to the policy should give me full rights to "bucketname" for my account "myuid", including all files that are already in that bucket. However, I'm still getting Access Denied errors when I try to download any of those files via the link that comes up in the console.

Any thoughts?

Answer 1

Step 1

Click on your bucket name, and under the permissions tab, make sure that Block new public bucket policies is unchecked

Step 2

Then you can apply your bucket policy

Hope that helps

Answer 2

David, You are right but I found that, in addition to what bennie said below, you also have to grant view (or whatever access you want) to 'Authenticated Users'.

But a better solution might be to edit the user's policy to just grant access to the bucket:

{    "Statement": [     {       "Sid": "Stmt1350703615347",       "Action": [         "s3:*"       ],       "Effect": "Allow",       "Resource": [         "arn:aws:s3:::mybucket/*"       ]     },     {       "Effect": "Allow",       "Action": [         "s3:ListBucket"       ],       "Resource": ["arn:aws:s3:::mybucket"],       "Condition": {}     }   ] } 

The first block grants all S3 permissions to all elements within the bucket. The second block grants list permission on the bucket itself.