Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Not able to download file from AWS S3 Access Denied Error

Tags:

amazon-web-services

amazon-s3

When I try to download one file from AWS S3 through console, I am getting following error:

This XML file does not appear to have any style information associated with it.

The document tree is shown below.

<Error>
<Code>AccessDenied</Code>
<Message>Access Denied</Message>
<RequestId>DF19E559FDBA71C2</RequestId>
<HostId>f5cIaO8eh2yTmC+rtVIVg54xY4EXAjG6lsxzjbBjzMRwDWaMFaggAU3Wyoipy2ZuDHQLhz402DE=</HostId>
</Error>

Can someone please help with this.

Thanks in advance

like image 830
Rajendra Avatar asked Oct 31 '19 19:10

Rajendra

People also ask

Why is my s3 bucket Access Denied?

The "403 Access Denied" error can occur due to the following reasons: Your AWS Identity and Access Management (IAM) user or role doesn't have permissions for both s3:GetBucketPolicy and s3:PutBucketPolicy. The bucket policy denies your IAM identity permission for s3:GetBucketPolicy and s3:PutBucketPolicy.

How do I get permission to download a s3 bucket?

Open the IAM console. Add a policy to the IAM user that grants the permissions to upload and download from the bucket. You can use a policy that's similar to the following: Note: For the Resource value, enter the Amazon Resource Name (ARN) for the bucket with a wildcard character to indicate the objects in the bucket.

Why is s3 object URL Access Denied?

The URL to the Amazon S3 object doesn't include your user credentials, so the request to the object is anonymous. Amazon S3 returns an Access Denied error for anonymous requests to objects that aren't public.

1 Answers

You are getting this error because the file is set to private and you don't have the permission do download it. To do so, you must set a Bucket Policy according to the permissions you with to use.

If you want any user to be able to download bucket objects, you can set a policy such as:

{
  "Version":"2012-10-17",
  "Statement":[
    {
      "Sid":"PublicRead",
      "Effect":"Allow",
      "Principal": "*",
      "Action":["s3:GetObject"],
      "Resource":["arn:aws:s3:::examplebucket/*"]
    }
  ]
}

Another option, if you want to serve content, is to use Amazon CloudFront as a CDN.

Finally, it is important to understand what kind of access you need to download your files to set the appropriate policy.

like image 85
filipebarretto Avatar answered Sep 23 '22 11:09

filipebarretto
Sign in to Comment

Related questions

Is it possible with AWS AutoScaling to never terminate instances until a billable hour boundary?
Insert data in AWS Redshift via AWS Lambda
Where to run the copy command for Amazon Redshift
AWS CloudFormation not creating initial instance in Auto Scaling group
Docker Build can't find pip
Add streaming step to MR job in boto3 running on AWS EMR 5.0
S3 link with longer expiration
Restricting request origin for AWS Cognito User Pools javascript api
How can integrate Cognito Identity Pool with API Gateway?
AWS Cognito missing functions
Stream a multi-GB file to AWS S3 from ASP.NET Core Web API
How to open anonymous access to AWS API Gateway resource
Write to a specific folder in S3 bucket using AWS Kinesis Firehose
Querying DynamoDB with a partition key and list of specific sort keys
Cognito Groups with IAM Permissions
At least one Resources member must be defined ...error in cloud formation ec2
Serverless Offline undefined module when loaded from lambda layer
AWS Cognito: how to allow users to change email without sending verification code?
Best approach for sending logs from ECS Fargate into Elasticsearch
What is the difference between AWS ElastiCache Cluster and AWS ElastiCache Replication Group?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!