I guess it may be a duplicate, but other posts with the same problem didn't help me much.
aws s3 cp s3://s3-us-west-2.amazonaws.com/my-test-bucket/intro.jpg test.jpg

Outputs the following:

fatal error: An error occurred (403) when calling the HeadObject operation: Forbidden

Bucket Policy:

{
    "Version": "2012-10-17",
    "Id": "Policy1539624480514",
    "Statement": [
        {
            "Sid": "Stmt1539624478431",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": [
                "arn:aws:s3:::my-test-bucket",
                "arn:aws:s3:::my-test-bucket/*"
            ]
        }
    ]
}
Some notes:

intro.jpg was added by user A (who has AdministratorAccess) via AWS Console Dashboard (it's not a file copy between buckets)

aws sts get-caller-identity returns me information about user A

{
    "UserId": "AIDXXXX3KDQHYYYYXRLO",
    "Account": "765123991235",
    "Arn": "arn:aws:iam::765123991235:user/[email protected]"
}

cat ~/.aws/config

[default]
region = us-west-2
output = json

cat ~/.aws/credentials points to user A access key and secret

[default]
aws_access_key_id = AZZZIXXXXJQZA6YYYYUQ
aws_secret_access_key = <<<<<<<<<KEY REMOVED>>>>>>>>
aws s3 ls returns the correct list of buckets

Verify that the AWS Identity and Access Management (IAM) user or role that you're using has permissions for the s3:PutObject action on the bucket. Without this permission, you get an HTTP 403 Forbidden error.

And why getting an error occurred (403) when calling the headobject operation: forbidden

First, check whether your attached policy provides complete access to S3. Also, to access objects within an S3 bucket, you have to provide this in the policy:

The first statement allows complete access to all the objects available in the given S3 bucket.

If you're trying to modify the object's ACL during the upload, then your IAM user or role must also have permissions for the s3:PutObjectAcl action. To access an S3 bucket that uses default encryption with a custom AWS KMS key, you must have the permissions to use the key.

Here a bucket policy explicitly denies any access to s3:PutObject on the bucket awsdoc-example-bucket unless the upload request includes encryption with the AWS KMS key arn:aws:kms:us-east-1:111122223333:key:

Suppose we use the root user account to upload objects to the S3 bucket.
s3://s3-us-west-2.amazonaws.com/my-test-bucket/intro.jpg refers to a bucket named s3-us-west-2.amazonaws.com and the object key my-test-bucket/intro.jpg.

Access is denied because that isn't your bucket.

The correct URI here would be s3://my-test-bucket/intro.jpg.
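The parsing rule described in the answer above, as an added example that is not part of the original post: the first component after s3:// is always taken as the bucket, so an endpoint hostname placed there is flagged and the intended URI is suggested. The function name `parse_s3_location` and the endpoint regex are assumptions made for this sketch, and the endpoint check is a heuristic; the example also goes beyond the answer by accepting path-style and virtual-hosted HTTPS URLs.

```python
import re
from urllib.parse import urlsplit

# S3 endpoint hostnames such as s3.amazonaws.com, s3-us-west-2.amazonaws.com
# or s3.us-west-2.amazonaws.com, optionally prefixed by "<bucket>."
# (virtual-hosted style). Heuristic pattern written for this example.
_ENDPOINT = re.compile(
    r"^(?:(?P<bucket>.+)\.)?s3(?:[.-](?P<region>[a-z0-9-]+))?\.amazonaws\.com$"
)


def parse_s3_location(location):
    """Return (bucket, key, warning) for an s3:// URI or an S3 HTTPS URL."""
    parts = urlsplit(location)
    host, path = parts.netloc, parts.path.lstrip("/")
    endpoint = _ENDPOINT.match(host)

    if parts.scheme == "s3":
        if endpoint and not endpoint.group("bucket"):
            # s3://<endpoint>/<bucket>/<key>: the CLI would treat the endpoint
            # hostname as the bucket and the rest as the object key.
            bucket, _, key = path.partition("/")
            fixed = f"s3://{bucket}/{key}"
            return bucket, key, f"'{host}' is an S3 endpoint, not a bucket; use {fixed}"
        return host, path, None

    if parts.scheme in ("http", "https") and endpoint:
        if endpoint.group("bucket"):
            # Virtual-hosted style: https://<bucket>.s3.<region>.amazonaws.com/<key>
            return endpoint.group("bucket"), path, None
        # Path style: https://s3-<region>.amazonaws.com/<bucket>/<key>
        bucket, _, key = path.partition("/")
        return bucket, key, None

    raise ValueError(f"not an S3 URI or S3 endpoint URL: {location!r}")


if __name__ == "__main__":
    # The URI from the question, followed by the corrected form.
    for uri in ("s3://s3-us-west-2.amazonaws.com/my-test-bucket/intro.jpg",
                "s3://my-test-bucket/intro.jpg"):
        print(uri, "->", parse_s3_location(uri))
```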