Access denied to s3

I tried loading on s3, and when I see the logs from the s3 bucket logs, this is what it says:

mybucket-me [17/Oct/2013:08:18:57 +0000] 120.28.112.39 arn:aws:sts::778671367984:federated-user/ dean@player.com BB3AA9C408C0D26F REST.POST.BUCKET avatars/dean%2540player.com/4.png "POST / HTTP/1.1" 403 AccessDenied 231 - 132 - "http://localhost:8080/ajaxupload/test.html" "Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.52 Safari/537.17" - 

I was denied access. From what the log points out, I think the only thing I am missing is adding a bucket policy. So here is the situation.

Using my email address, I can log in to my application and upload an avatar. The name of the bucket in which I want to place my avatar is mybucket-me, and it has a subfolder named avatars.

mybucket-me
  avatars
    dean@player.com    // dynamic, based on who is logged in
      myavatar.png     // uploaded image

How do I add a bucket policy so that a federated user like me can upload to S3, or what is the correct statement to add to my bucket policy so that it gives me permission to upload to our bucket?

+8
3 answers

You can attach the following policy to the bucket:

{
  "Version": "2008-10-17",
  "Id": "Policy1358656005371",
  "Statement": [
    {
      "Sid": "Stmt1354655992561",
      "Effect": "Allow",
      "Principal": {
        "AWS": [
          "arn:aws:sts::778671367984:federated-user/dean@player.com"
        ]
      },
      "Action": [
        "s3:List*",
        "s3:Get*"
      ],
      "Resource": [
        "arn:aws:s3:::my.bucket",
        "arn:aws:s3:::my.bucket/*"
      ]
    }
  ]
}

This grants the federated user dean@player.com read-only permissions on 'my.bucket'.

This policy is not very convenient to maintain because, in particular, it names this one user. To grant access only to specific federated users in a more scalable way, it would be better to do this when you call GetFederationToken. If you post your STS code, I can help you attach a policy there, but it is very similar to the one above.

+5
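The scoping the answer above recommends, as an added example that is not part of the question or any answer: the application's IAM user calls sts:GetFederationToken with a session policy restricted to the caller's own avatars/<user>/ prefix (taken from the folder layout in the question), so no per-user bucket policy is needed. Effective permissions are the intersection of the IAM user's own policy and this session policy, so the IAM user itself still needs s3:PutObject on the bucket; the bucket name mybucket-me and the user id dean@player.com come from the question, everything else (function names, the Sids, the 3600-second duration) is assumed.

```python
# Added example (not from the question or answers): the app's IAM user
# calls sts:GetFederationToken with a session policy limited to the
# caller's own avatars/<user>/ prefix; no per-user bucket policy needed.
import json

BUCKET = "mybucket-me"   # bucket from the question
PREFIX_ROOT = "avatars"  # per-user folders live under this prefix

def avatar_prefix(user_id: str) -> str:
    """Key prefix owned by one user, e.g. 'avatars/dean@player.com/'."""
    return f"{PREFIX_ROOT}/{user_id}/"

def build_session_policy(bucket: str, user_id: str) -> dict:
    """ListBucket is bucket-level, so it is narrowed with an s3:prefix
    condition; object actions are narrowed by the Resource ARN itself."""
    prefix = avatar_prefix(user_id)
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "ListOwnAvatarFolder",
                "Effect": "Allow",
                "Action": "s3:ListBucket",
                "Resource": f"arn:aws:s3:::{bucket}",
                "Condition": {"StringLike": {"s3:prefix": [prefix + "*"]}},
            },
            {
                "Sid": "ReadWriteOwnAvatars",
                "Effect": "Allow",
                "Action": ["s3:PutObject", "s3:GetObject", "s3:DeleteObject"],
                "Resource": f"arn:aws:s3:::{bucket}/{prefix}*",
            },
        ],
    }

def key_is_in_scope(user_id: str, key: str) -> bool:
    """Mirror of the object statement. The log in the question shows the key
    'avatars/dean%2540player.com/4.png', which suggests the client stored
    '%40' rather than '@', so that key would fall outside the user's prefix."""
    return key.startswith(avatar_prefix(user_id))

def request_upload_credentials(user_id: str, bucket: str = BUCKET) -> dict:
    """Call STS with the scoped policy (needs boto3 and AWS credentials).
    Name must be 2-32 chars of [\\w+=,.@-]; an e-mail address qualifies."""
    import boto3  # imported here so the pure functions above run offline
    resp = boto3.client("sts").get_federation_token(
        Name=user_id[:32],
        Policy=json.dumps(build_session_policy(bucket, user_id)),
        DurationSeconds=3600,
    )
    return resp["Credentials"]  # AccessKeyId, SecretAccessKey, SessionToken
```

The returned temporary credentials are what the browser-side uploader should sign its POST with; the prefix in the policy has to match the key exactly as the client stores it, encoding included.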

To upload to an S3 bucket, you need to add/create an IAM user/group policy, for example:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["s3:ListBucket"],
      "Resource": ["arn:aws:s3:::test"]
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:DeleteObject"
      ],
      "Resource": ["arn:aws:s3:::test/*"]
    }
  ]
}

Where arn:aws:s3:::test is your Amazon Resource Name (ARN).

Source: IAM Policy Writing: Granting Access to Amazon S3 Bucket


+4

2019+

Now you must either:

  • Set "Block new public ACLs and uploading public objects" to false if your objects are public (top left setting in the picture)


  • Set acl: 'private' when uploading your image if your objects are private

Example in Node.js:

const multer = require('multer');
const multerS3 = require('multer-s3');
const AWS = require('aws-sdk');
const s3 = new AWS.S3();

const upload = multer({
  storage: multerS3({
    s3: s3,
    bucket: 'moodboard-img',
    acl: 'private',  // object stays private, so Block Public Access does not reject the upload
    metadata: function (req, file, cb) {
      cb(null, { fieldName: file.fieldname });
    },
    key: function (req, file, cb) {
      cb(null, Date.now().toString());
    }
  })
});
0

Source: https://habr.com/ru/post/956160/
