S3 cp AccessDenied from AWS cli with root keys

Question

I have the AWS cli installed on an EC2 instance, and I configured it by running aws configure and giving it my AWSAccessKeyId and AWSSecretKey keys so if I run the command aws s3 ls it returns the name of my S3 bucket (call it "mybucket").

But, if I then try aws s3 cp localfolder/ s3://mybucket/ --recursive I get an error that looks like

A client error (AccessDenied) occurred when calling the CreateMultipartUpload operation: Anonymous users cannot initiate multipart uploads.  Please authenticate.

I thought that by running aws configure and giving it my root key that I was effectively giving the aws cli everything it needs to authenticate? Is there something I am missing regarding copying to an S3 bucket as opposed to listing them?

Answer 1

Thought I would add in a very similar issue that I had where I could list buckets but could not write to a given bucket returning the error

An error occurred (AccessDenied) when calling the CreateMultipartUpload operation: Access Denied

If the bucket uses server-side encryption you'll need to add the --sse flag to be able to write to this bucket.

https://docs.aws.amazon.com/cli/latest/reference/s3/cp.html

Answer 2

Root Access keys and Secret key have full control and full privileges to interact with the AWS. Please try running the aws configure again to recheck the setting and try again.

PS: it is highly not recommended to use root access keys - please give a thought is creating an IAM ( which take admin privileges- like root ) and use those.

Answer 3

If you have environment variables AWS_SECRET_ACCESS_KEY, AWS_ACCESS_KEY_ID and AWS_REGION set, AWS CLI gives higher precedence to them, and not to credentials you specify with aws configure.

So, in my case, bash command unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY solved the problem.