I have established an AWS acct. and am trying to do my first programmatic PUT into S3. I have used the console to create a bucket and put things there. I have also created a subdirectory (myFolder) and made it public. I created my .aws/credentials file and have tried using the sample codes but I get the following error:
Error executing "PutObject" on "https://s3.amazonaws.com/gps-photo.org/mykey.txt"; AWS HTTP error: Client error:
PUT https://s3.amazonaws.com/gps-photo.org/mykey.txt
resulted in a403 Forbidden
response:AccessDenied
Access DeniedFC49CD (truncated...) AccessDenied (client): Access Denied -AccessDenied
Access DeniedFC49CD15567FB9CD1GTYxjzzzhcL+YyYsuYRx4UgV9wzTCQJX6N4jMWwA39PFaDkK2B9R+FZf8GVM6VvMXfLyI/4abo=
My code is
<?php
// Include the AWS SDK using the Composer autoloader.
require '/home/berman/vendor/autoload.php';
use Aws\S3\S3Client;
use Aws\S3\Exception\S3Exception;
$bucket = 'gps-photo.org';
$keyname = 'my-object-key';
// Instantiate the client.
$s3 = S3Client::factory(array(
'profile' => 'default',
'region' => 'us-east-1',
'version' => '2006-03-01'
));
try {
// Upload data.
$result = $s3->putObject(array(
'Bucket' => $bucket,
'Key' => "myFolder/$keyname",
'Body' => 'Hello, world!',
'ACL' => 'public-read'
));
// Print the URL to the object.
echo $result['ObjectURL'] . "\n";
} catch (S3Exception $e) {
echo $e->getMessage() . "\n";
}
If anyone can help me out, that would be great. Thanks. --Len
The "403 Forbidden" error can occur due to the following reasons: Permissions are missing for s3:PutObject to add an object or s3:PutObjectAcl to modify the object's ACL. You don't have permission to use an AWS Key Management Service (AWS KMS) key. There is an explicit deny statement in the bucket policy.
If you're getting Access Denied errors on public read requests that are allowed, check the bucket's Amazon S3 block public access settings. Review the S3 Block Public Access settings at both the account and bucket level. These settings can override permissions that allow public read access.
Uses the acl subresource to set the access control list (ACL) permissions for a new or existing object in an S3 bucket. You must have WRITE_ACP permission to set the ACL of an object. For more information, see What permissions can I grant? in the Amazon S3 User Guide.
PDF. Retrieves objects from Amazon S3. To use GET , you must have READ access to the object. If you grant READ access to the anonymous user, you can return the object without using an authorization header.
It looks like the same issue I ran into. Add a AmazonS3FullAccess policy to your AWS account.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With