AWS S3 Bucket Permissions - Access Denied

amazon-web-services amazon-s3

I am trying to give myself permission to download existing files in an S3 bucket. I've modified the Bucket Policy, as follows:

        {
        "Sid": "someSID",
        "Action": "s3:*",
        "Effect": "Allow",
        "Resource": "arn:aws:s3:::bucketname/AWSLogs/123123123123/*",
        "Principal": {
            "AWS": [
                "arn:aws:iam::123123123123:user/myuid"
            ]
        }
    }

My understanding is that addition to the policy should give me full rights to "bucketname" for my account "myuid", including all files that are already in that bucket. However, I'm still getting Access Denied errors when I try to download any of those files via the link that comes up in the console.

Any thoughts?


Solution 1:

Step 1

Click on your bucket name, and under the permissions tab, make sure that Block new public bucket policies is unchecked

enter image description here

Step 2

Then you can apply your bucket policy enter image description here

Hope that helps

Solution 2:

David, You are right but I found that, in addition to what bennie said below, you also have to grant view (or whatever access you want) to 'Authenticated Users'. enter image description here

But a better solution might be to edit the user's policy to just grant access to the bucket:

{
   "Statement": [
    {
      "Sid": "Stmt1350703615347",
      "Action": [
        "s3:*"
      ],
      "Effect": "Allow",
      "Resource": [
        "arn:aws:s3:::mybucket/*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:ListBucket"
      ],
      "Resource": ["arn:aws:s3:::mybucket"],
      "Condition": {}
    }
  ]
}

The first block grants all S3 permissions to all elements within the bucket. The second block grants list permission on the bucket itself.

Solution 3:

Change resource arn:aws:s3:::bucketname/AWSLogs/123123123123/* to arn:aws:s3:::bucketname/* to have full rights to bucketname

Solution 4:

Use below method for uploading any file for public readable form using TransferUtility in Android.

transferUtility.upload(String bucketName, String key, File file, CannedAccessControlList cannedAcl)

Example

transferUtility.upload("MY_BUCKET_NAME", "FileName", your_file, CannedAccessControlList.PublicRead);

Solution 5:

for show website static in s3:

unckeched blocking bucket public

This is bucket policies:

{
  "Version":"2012-10-17",
  "Statement":[{
  "Sid":"PublicReadGetObject",
    "Effect":"Allow",
  "Principal": "*",
  "Action":["s3:GetObject"],
  "Resource":["arn:aws:s3:::example-bucket/*"
  ]
  }
]
}

Related

In TortoiseSVN, why can't I show the log older than 6 weeks or so?
how to render child components in react.js recursively
Eclipse: How to install a plugin manually?
How can "[" be an operator in the PHP language specification?
Seaborn Heatmap with logarithmic-scale colorbar
How to see the retention for a particular topic in kafka
map vs flatMap in reactor
Concepts of backref and back_populate in SQLalchemy?
Converting a polynomial ring to a numerical ring (transport of structure)
Android Studio - Could not find intellij-core.jar
When multiplying by $i$ in inequalities, does the sign flip?
Importing the numpy c-extensions failed