AWS S3 - 403 forbidden reading file - Boto Python

Question

I can create a file using boto:

s3 = boto.connect_s3(aws_access_key_id='XXXX', aws_secret_access_key='XXX')
pb = s3.get_bucket(b_path)
k = Key(pb)
k.name = f_path
k.set_contents_from_string(content)

When i try to read the same file i get:

boto.exception.S3ResponseError: S3ResponseError: 403 Forbidden

If i go to S3 Web Inteface, and set permissions to read/write to everyone, now I can access the file.

PS: When I create the file, the owner is another user not mine. Is it the problem?

Answer 1

If third party credentials are used to upload an object to your bucket then, by default, you as bucket owner do not have any ownership of the object (the third party does).

All you can do as bucket owner in this case is list the object and delete it (which you are allowed to do because you are paying for its storage in your bucket). In particular, you cannot read or modify the object's ACL and you cannot get the object (unless the owner explicitly grants you read permission or makes the object public).

To have control over the object, you need the uploader to supply a canned ACL that gives you full control. The uploader can do this by supplying ACL='bucket-owner-full-control' when calling put() . Alternatively, I believe you can supply GrantFullControl='xyz', indicating the grantee.