stackoom
  简体   繁体   中英

Amazon s3 – 403 Forbidden with Correct Bucket Policy

 原文  2015-07-23 16:26:42       amazon-web-services/ amazon-s3/ permissions/ s3cmd

Question

I'm trying to make all of the images I've stored in my s3 bucket publicly readable, using the following bucket policy. 

{
"Id": "Policy1380877762691",
"Statement": [
    {
        "Sid": "Stmt1380877761162",
        "Action": [
            "s3:GetObject"
        ],
        "Effect": "Allow",
        "Resource": "arn:aws:s3:::<bucket-name>/*",
        "Principal": {
            "AWS": [
                "*"
            ]
        }
    }
]

}

I have 4 other similar s3 buckets with the same bucket policy, but I keep getting 403 errors.

The images in this bucket were transferred using s3cmd sync as I'm trying to migrate the contents of the bucket to a new account.

The only difference that I can see is that

  1. i'm using an IAM user with admin access, instead of the root user
  2. the files dont have a "grantee : everyone open/download file" permission on each of the files, something the files had in the old bucket

4 answers

solution1
 2  2015-07-23 17:58:07

If you want everyone to access your S3 objects in the bucket, the principal should be "*", ie, like this: 

{
"Id": "Policy1380877762691",
"Statement": [
    {
        "Sid": "Stmt1380877761162",
        "Action": [
            "s3:GetObject"
        ],
        "Effect": "Allow",
        "Resource": "arn:aws:s3:::<bucket-name>/*",
        "Principal": "*"
        }
    }
]

}

Source: http://docs.aws.amazon.com/IAM/latest/UserGuide/AccessPolicyLanguage_ElementDescriptions.html#Principal

solution2
 2  2015-07-24 21:02:41

I've managed to solve it by running the s3cmd command again but adding --acl-public to the end of it. Seems to have fixed my issue

solution3
 1  2018-12-20 03:14:24

I Know this is an old question, but for whoever is having this issue and working from the AWS Console. Go to the bucket in AWS S3 console:

  1. Open the permissions tab.
  2. Open Public Access settings.
  3. Click edit

在此处输入图片说明

Then in the editing page :

  1. Uncheck Block new public bucket policies (Recommended)
  2. Uncheck Block public and cross-account access if bucket has public policies (Recommended)
  3. Click save

在此处输入图片说明

CAUTION

PLEASE NOTE THAT THIS WILL MAKE YOUR BUCKET ACCESSIBLE BY ANYONE ON THE INTERNET , EVENT IF THEY DO NOT HAVE AN AWS ACCOUNT, THEY STILL CAN ACCESS THE BUCKET AND THE BUCKET'S CONTENTS. PLEASE HANDLE WITH CAUTION!

solution4
 0  2015-07-23 19:50:27

From AWS Documentation
http://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html 

{
  "Version":"2012-10-17",
  "Statement":[
    {
      "Sid":"AddPerm",
      "Effect":"Allow",
      "Principal": "*",
      "Action":["s3:GetObject"],
      "Resource":["arn:aws:s3:::examplebucket/*"]
    }
  ]
}

Not sure if the order or attributes matter here. I would give this one a try.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question IAM user policy returning 403 Forbidden on Amazon S3 bucket Amazon S3 bucket returning 403 Forbidden Amazon S3: 403 forbidden “Invalid according to policy: policy expired” (Ruby) 403 Forbidden during POST to S3 bucket Electron-Updater and AWS S3 bucket policy - Error: HttpError: 403 Forbidden Trying to set up Amazon's S3 bucket: 403 Forbidden error & setting permissions 403 forbidden error - Accessing Amazon S3 bucket using Http GET Request in c# Amazon S3 Bucket Policy to prevent download? Amazon S3 Bucket Policy Referer Amazon S3 Bucket Policy and CORS not working
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM