AWS S3 Bucket Permissions - Access Denied

后端 未结 9 508
独厮守ぢ
独厮守ぢ 2020-12-30 19:12

I am trying to give myself permission to download existing files in an S3 bucket. I\'ve modified the Bucket Policy, as follows:

        {
        \"Sid\": \"         


        
相关标签:
9条回答
  • 2020-12-30 19:35

    Giving public access to Bucket to add policy is NOT A RIGHT way. This exposes your bucket to public even for a short amount of time.

    You will face this error even if you are admin access (Root user will not face it) According to aws documentation you have to add "PutBucketPolicy" to you IAM user.

    So Simply add a S3 Policy to you IAM User as in below screenshot , mention your Bucket ARN for make it safer and you don't have to make you bucket public again.

    0 讨论(0)
  • 2020-12-30 19:38

    for show website static in s3:

    This is bucket policies:

    {
      "Version":"2012-10-17",
      "Statement":[{
      "Sid":"PublicReadGetObject",
        "Effect":"Allow",
      "Principal": "*",
      "Action":["s3:GetObject"],
      "Resource":["arn:aws:s3:::example-bucket/*"
      ]
      }
    ]
    }
    
    0 讨论(0)
  • 2020-12-30 19:40

    Use below method for uploading any file for public readable form using TransferUtility in Android.

    transferUtility.upload(String bucketName, String key, File file, CannedAccessControlList cannedAcl)
    

    Example

    transferUtility.upload("MY_BUCKET_NAME", "FileName", your_file, CannedAccessControlList.PublicRead);
    
    0 讨论(0)
  • 2020-12-30 19:41

    Change resource arn:aws:s3:::bucketname/AWSLogs/123123123123/* to arn:aws:s3:::bucketname/* to have full rights to bucketname

    0 讨论(0)
  • 2020-12-30 19:42

    David, You are right but I found that, in addition to what bennie said below, you also have to grant view (or whatever access you want) to 'Authenticated Users'. enter image description here

    But a better solution might be to edit the user's policy to just grant access to the bucket:

    {
       "Statement": [
        {
          "Sid": "Stmt1350703615347",
          "Action": [
            "s3:*"
          ],
          "Effect": "Allow",
          "Resource": [
            "arn:aws:s3:::mybucket/*"
          ]
        },
        {
          "Effect": "Allow",
          "Action": [
            "s3:ListBucket"
          ],
          "Resource": ["arn:aws:s3:::mybucket"],
          "Condition": {}
        }
      ]
    }
    

    The first block grants all S3 permissions to all elements within the bucket. The second block grants list permission on the bucket itself.

    0 讨论(0)
  • 2020-12-30 19:45

    Go to this link and generate a Policy. In the Principal field give *

    In the Actions set the Get Objects

    Give the ARN as arn:aws:s3:::<bucket_name>/*

    Then add statement and then generate policy, you will get a JSON file and then just copy that file and paste it in the Bucket Policy.

    For More Details go here.

    0 讨论(0)
提交回复
热议问题