After configure AWSCLI using command aws configure
. I'm trying to download files from S3 bucket to local folder test, using following command
aws s3 sync s3://sourceBucket ./test --delete
but it's throwing following error message
download failed: s3://sourceBucket/jobs/Test/1/slider-test-0.0.1-SNAPSHOT.war to test/jobs/Test/1/slider-test-0.0.1-SNAPSHOT.war An error occurred (AccessDenied) when calling the GetObject operation: Access Denied
download failed: s3://sourceBucket/jobs/Test/2/slider-test-0.0.1-SNAPSHOT.war to test/jobs/Test/2/slider-test-0.0.1-SNAPSHOT.war An error occurred (AccessDenied) when calling the GetObject operation: Access Denied
sourceBucket had following permissions
sourceBucket permissions Image - clickhere
When I check List of objects in sourceBucket using this command
aws s3api list-objects --bucket sourceBucket --query 'Contents[].{Key: Key, Size: Size}'
following is the output of it
[
{
"Key": "jobs/Test/1/slider-test-0.0.1-SNAPSHOT.war",
"Size": 2546325
},
{
"Key": "jobs/Test/2/slider-test-0.0.1-SNAPSHOT.war",
"Size": 3571598
}
]
could some one let me know how to solve this, I need to download the all objects from s3 sourceBucket to local folder test.
Thank you.
If you're getting Access Denied errors on public read requests that are allowed, check the bucket's Amazon S3 Block Public Access settings. Review the S3 Block Public Access settings at both the account and bucket level. These settings can override permissions that allow public read access.
Short description. The "403 Access Denied" error can occur due to the following reasons: Your AWS Identity and Access Management (IAM) user or role doesn't have permissions for both s3:GetBucketPolicy and s3:PutBucketPolicy.
If you use KMS to encrypt your S3 files, also make sure the IAM user / role has access to use the appropriate key to decrypt the file. In your KMS dashboard, click on 'Customer Managed Keys' then click on the specific key used for the S3 bucket. You'll then need to add the appropriate accounts / roles to the key policy. For more see: https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With