There are a few other questions on this issue:

boto.exception.S3ResponseError: S3ResponseError: 403 Forbidden

S3ResponseError: S3ResponseError: 403 Forbidden

S3ResponseError: 403 Forbidden using boto

Python: Amazon S3 cannot get the bucket: says 403 Forbidden

However, it seems I may be having a different problem (e.g., clock skew is not an issue and I already tried setting validate=False, and I believe I have the correct key and secret key because trying a bogus key or secret key gives me different errors). Here is my script:

import boto
import sys
from boto.s3.key import Key

BUCKET_NAME = sys.argv[1]
AWS_ACCESS_KEY_ID = sys.argv[2]
AWS_SECRET_ACCESS_KEY = sys.argv[3]

conn = boto.connect_s3(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
bucket = conn.get_bucket(BUCKET_NAME, validate=False)
k = Key(bucket)
k.key = 'barbaz'
k.set_contents_from_filename('/tmp/barbaz.txt')

And the result:

Traceback (most recent call last):
  File "/home/jonderry/sdmain/src/scripts/jenkins/upload_to_s3.py", line 16, in <module>
    k.set_contents_from_filename('/tmp/barbaz.txt')
  File "/usr/local/lib/python2.7/dist-packages/boto/s3/key.py", line 1360, in set_contents_from_filename
    encrypt_key=encrypt_key)
  File "/usr/local/lib/python2.7/dist-packages/boto/s3/key.py", line 1291, in set_contents_from_file
    chunked_transfer=chunked_transfer, size=size)
  File "/usr/local/lib/python2.7/dist-packages/boto/s3/key.py", line 748, in send_file
    chunked_transfer=chunked_transfer, size=size)
  File "/usr/local/lib/python2.7/dist-packages/boto/s3/key.py", line 949, in _send_file_internal
    query_args=query_args
  File "/usr/local/lib/python2.7/dist-packages/boto/s3/connection.py", line 664, in make_request
    retry_handler=retry_handler
  File "/usr/local/lib/python2.7/dist-packages/boto/connection.py", line 1068, in make_request
    retry_handler=retry_handler)
  File "/usr/local/lib/python2.7/dist-packages/boto/connection.py", line 939, in _mexe
    request.body, request.headers)
  File "/usr/local/lib/python2.7/dist-packages/boto/s3/key.py", line 882, in sender
    response.status, response.reason, body)
boto.exception.S3ResponseError: S3ResponseError: 403 Forbidden
<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>***someRequestId***</RequestId><HostId>***someHostId</HostId></Error>

Any ideas what is the problem, or how to diagnose further?

It looks like that you do not have the right to write on this bucket. What is the bucket policy? Can you make sure that this IAM user can put on this bucket?

This will also happen if your machine's time settings are incorrect

I had this issue too where I tried validate=False, and ntpdate, and giving "Authenticated Users" the permission to upload/delete on AWS. My resolution is probably rare, but just in case anyone else did this:

I started running my Django app with credentials in my environment for my bucket 'xyz'. Then I changed the credentials to upload to my friend's bucket 'abc'. There was a mismatch between these credentials, so all I needed to do was restart gunicorn.