Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

S3: An error occurred (AccessDenied) when calling the GetObject operation: Access Denied

After configure AWSCLI using command aws configure . I'm trying to download files from S3 bucket to local folder test, using following command

aws s3 sync s3://sourceBucket  ./test --delete

but it's throwing following error message

download failed: s3://sourceBucket/jobs/Test/1/slider-test-0.0.1-SNAPSHOT.war to test/jobs/Test/1/slider-test-0.0.1-SNAPSHOT.war An error occurred (AccessDenied) when calling the GetObject operation: Access Denied
download failed: s3://sourceBucket/jobs/Test/2/slider-test-0.0.1-SNAPSHOT.war to test/jobs/Test/2/slider-test-0.0.1-SNAPSHOT.war An error occurred (AccessDenied) when calling the GetObject operation: Access Denied

sourceBucket had following permissions

sourceBucket permissions Image - clickhere

When I check List of objects in sourceBucket using this command

aws s3api list-objects --bucket sourceBucket --query 'Contents[].{Key: Key, Size: Size}'

following is the output of it

[
    {
        "Key": "jobs/Test/1/slider-test-0.0.1-SNAPSHOT.war", 
        "Size": 2546325
    },
    {
        "Key": "jobs/Test/2/slider-test-0.0.1-SNAPSHOT.war", 
        "Size": 3571598
    }
]

could some one let me know how to solve this, I need to download the all objects from s3 sourceBucket to local folder test.

Thank you.

like image 599
Lakshmi Avatar asked May 01 '17 00:05

Lakshmi


People also ask

Why is my S3 Access Denied?

If you're getting Access Denied errors on public read requests that are allowed, check the bucket's Amazon S3 Block Public Access settings. Review the S3 Block Public Access settings at both the account and bucket level. These settings can override permissions that allow public read access.

Why am I getting an access denied error from the Amazon S3 console when I try to modify a bucket policy?

Short description. The "403 Access Denied" error can occur due to the following reasons: Your AWS Identity and Access Management (IAM) user or role doesn't have permissions for both s3:GetBucketPolicy and s3:PutBucketPolicy.


1 Answers

If you use KMS to encrypt your S3 files, also make sure the IAM user / role has access to use the appropriate key to decrypt the file. In your KMS dashboard, click on 'Customer Managed Keys' then click on the specific key used for the S3 bucket. You'll then need to add the appropriate accounts / roles to the key policy. For more see: https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam

like image 171
Chris McLaughlin Avatar answered Oct 08 '22 10:10

Chris McLaughlin