Amazon S3 file 'Access Denied' exception i

I've 2 AWS accounts. Account A has S3 bucket 'BUCKET' in which I've put file using Java api. I've configured my 'BUCKET' policy to allow cross-account file publishing. But, when I try to open this file from Account A, it says AccessDeniedAccess Denied with hostId and requestId.

This file is published through Account B using java api, and this file has same size as that published through api. I tried to change file sizes and the new sizes were shown on AWS S3 console. Here is my bucket policy:

    {
"Version": "2008-10-17",
"Id": "Policy1357935677554",
"Statement": [
    {
        "Sid": "Stmt1357935647218",
        "Effect": "Allow",
        "Principal": {
            "AWS": "arn:aws:iam::ACCOUNTB:user/accountb-user"
        },
        "Action": "s3:ListBucket",
        "Resource": "arn:aws:s3:::bucket-name"
    },
    {
        "Sid": "Stmt1357935676138",
        "Effect": "Allow",
        "Principal": {
            "AWS": "arn:aws:iam::ACCOUNTB:user/accountb-user"
        },
        "Action": "s3:PutObject",
        "Resource": "arn:aws:s3:::bucket-name/*"
    },
    {
        "Sid": "Stmt1357935676138",
        "Effect": "Allow",
        "Principal": {
            "AWS": "arn:aws:iam::ACCOUNTB:user/accountb-user"
        },
        "Action": "s3:*",
        "Resource": "arn:aws:s3:::bucket-name/*"
    },
    {
        "Sid": "Stmt1357935647218",
        "Effect": "Allow",
        "Principal": {
            "AWS": "arn:aws:iam::ACCOUNTA:user/accounta-user"
        },
        "Action": "s3:ListBucket",
        "Resource": "arn:aws:s3:::bucket-name"
    },
    {
        "Sid": "Stmt1357935676138",
        "Effect": "Allow",
        "Principal": {
            "AWS": "arn:aws:iam::ACCOUNTA:user/accounta-user"
        },
        "Action": "s3:*",
        "Resource": "arn:aws:s3:::bucket-name/*"
    },
    {
        "Sid": "Stmt1357935676138",
        "Effect": "Allow",
        "Principal": {
            "AWS": "arn:aws:iam::ACCOUNTA:root"
        },
        "Action": "s3:*",
        "Resource": "arn:aws:s3:::bucket-name/*"
    }
]

}

The problem is when I try to download/open this file from Account A, I'm not able to open it.

The problem is that by default, when AWS (cli or SDK) upload a file it grants access to the uploader only through s3 ACLs.

In that case, to allow the owner to read the uploaded file, the uploader has to explicitly grant access to the owner of the bucket during the upload. Ex:

with the aws CLI (documentation here): aws s3api put-object --bucket <bucketname> --key <filename> --acl bucket-owner-full-control
with the nodejs API (documentation here): you have to set the params.ACL property of the AWS.S3.upload method to "bucket-owner-full-control"

In parallel, you can also ensure that the Bucket Owner Has Full Control with the bucket policy, (additional documentation here):

{ "Version": "2012-10-17", "Statement": [ { "Sid": "Grant Owner Full control dev", "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::ACCOUNTB:root" }, "Action": [ "s3:PutObject" ], "Resource": [ "arn:aws:s3:::bucket-name/*" ], "Condition": { "StringEquals": { "s3:x-amz-acl": "bucket-owner-full-control" } } } ] }