执行“ GetObjectAcl”时出错，导致403禁止访问被拒绝

Question

I am trying to copy an image from one folder to another one in Amazon S3 through Laravel 5.5 / PHP 7

$s3 = Storage::disk('s3');
$s3->copy('old_path/image.jpg', 'new_path/image.jpg');

And I am getting the error:

Aws \ S3 \ Exception \ S3Exception
Error executing "GetObjectAcl" on "https://mybucket.s3.us-east-2.amazonaws.com/old_path/image.jpg?acl"; AWS HTTP error: Client error: `GET https://mybucket.s3.us-east-2.amazonaws.com/old_path/image.jpg` resulted in a `403 Forbidden` response: <?xml version="1.0" encoding="UTF-8"?> <Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>xxx (truncated...) AccessDenied (client): Access Denied - <?xml version="1.0" encoding="UTF-8"?> <Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>xxx</RequestId><HostId>xxx</HostId></Error>

I've noticed that the query acl was automatically appended to old_path/image.jpg as you can see it shown in the error message https://mybucket.s3.us-east-2.amazonaws.com/old_path/image.jpg?acl , what I suspect it is causing the error, because the image is accessible through the URL https://mybucket.s3.us-east-2.amazonaws.com/old_path/image.jpg but it is inaccessible with the ?acl in its end.

I don't know how to solve it. Any idea?!

Answer 1

Normally that appears when your Bucket-ACL is not correct. Your user has not enough permissions to get the object ACL. You have to generate a proper Bucket policy and insert it to your Bucket.

You can use the generator to create a policy. If you have one you can extend them.

https://docs.aws.amazon.com/AmazonS3/latest/user-guide/add-bucket-policy.html

Sometimes it's a bit complicated to set the correct permissions for a defined user and you have to try it a bit.