I have launched an EC2 instance with the IAM role "webapp". The role is attached, and I can confirm it using:
    curl http://169.254.169.254/latest/meta-data/iam/security-credentials/webapp
    {
      "Code" : "Success",
      "LastUpdated" : "2016-01-04T06:44:50Z",
      "Type" : "AWS-HMAC",
      "AccessKeyId" : "xxx",
      "SecretAccessKey" : "xxx",
      "Token" : "xxx",
      "Expiration" : "2016-01-04T12:46:27Z"
    }
The webapp role has an attached policy for S3:
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": "s3:*",
          "Resource": "*"
        }
      ]
    }
But I am unable to access objects on S3. I am using aws-php-sdk:
    require_once 'vendor/autoload.php';

    use Aws\S3\S3Client;

    $client = S3Client::factory(array(
        'region'  => 'us-west-2',
        'version' => '2006-03-01',
    ));

    $result = $client->getObject(array(
        'Bucket' => 'test-bkt88767',
        'Key'    => "file.txt",
    ));

    echo $result['Body'] . "\n";
I am getting a 403 Forbidden:
    PHP Fatal error: Uncaught exception 'Aws\S3\Exception\S3Exception' with message 'Error executing "GetObject" on "https://s3-us-west-2.amazonaws.com/test-bkt88767/file.txt"; AWS HTTP error: Client error: `GET https://s3-us-west-2.amazonaws.com/test-bkt88767/file.txt` resulted in a `403 Forbidden` response: <?xml version="1.0" encoding="UTF-8"?> <Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>995F9A (truncated...) AccessDenied (client): Access Denied - <?xml version="1.0" encoding="UTF-8"?> <Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>995F9AC51CC2164F</RequestId><HostId>JPKyfP1LBLW5ky2wH9t2CEjHrKT0tI9zgyXHU/qcJWvBoOwhK7O0dzl1wCjjzV58UhKZVHXvFFg=</HostId></Error>'
Do I need to change the bucket permissions as well? Or am I doing something wrong with the configuration of EC2?