Amazon s3 – 403 Forbidden with Correct Bucket Poli

2019-06-21 13:22发布

站内问答 / 后端开发
1019 4 6

I'm trying to make all of the images I've stored in my s3 bucket publicly readable, using the following bucket policy. 

{
"Id": "Policy1380877762691",
"Statement": [
    {
        "Sid": "Stmt1380877761162",
        "Action": [
            "s3:GetObject"
        ],
        "Effect": "Allow",
        "Resource": "arn:aws:s3:::<bucket-name>/*",
        "Principal": {
            "AWS": [
                "*"
            ]
        }
    }
]

}

I have 4 other similar s3 buckets with the same bucket policy, but I keep getting 403 errors.

The images in this bucket were transferred using s3cmd sync as I'm trying to migrate the contents of the bucket to a new account.

The only difference that I can see is that

  1. i'm using an IAM user with admin access, instead of the root user
  2. the files dont have a "grantee : everyone open/download file" permission on each of the files, something the files had in the old bucket

4条回答
【Aperson】
2楼-- · 2019-06-21 13:33

I've managed to solve it by running the s3cmd command again but adding --acl-public to the end of it. Seems to have fixed my issue

查看更多
0人赞 添加讨论(0) 举报
劳资没心,怎么记你
3楼-- · 2019-06-21 13:44

I Know this is an old question, but for whoever is having this issue and working from the AWS Console. Go to the bucket in AWS S3 console:

  1. Open the permissions tab.
  2. Open Public Access settings.
  3. Click edit

enter image description here

Then in the editing page :

  1. Uncheck Block new public bucket policies (Recommended)
  2. Uncheck Block public and cross-account access if bucket has public policies (Recommended)
  3. Click save

enter image description here

CAUTION

PLEASE NOTE THAT THIS WILL MAKE YOUR BUCKET ACCESSIBLE BY ANYONE ON THE INTERNET, EVENT IF THEY DO NOT HAVE AN AWS ACCOUNT, THEY STILL CAN ACCESS THE BUCKET AND THE BUCKET'S CONTENTS. PLEASE HANDLE WITH CAUTION!

查看更多
0人赞 添加讨论(0) 举报
仙女界的扛把子
4楼-- · 2019-06-21 13:46

From AWS Documentation
http://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html

{
  "Version":"2012-10-17",
  "Statement":[
    {
      "Sid":"AddPerm",
      "Effect":"Allow",
      "Principal": "*",
      "Action":["s3:GetObject"],
      "Resource":["arn:aws:s3:::examplebucket/*"]
    }
  ]
}

Not sure if the order or attributes matter here. I would give this one a try.

查看更多
0人赞 添加讨论(0) 举报
该账号已被封号
5楼-- · 2019-06-21 13:49

If you want everyone to access your S3 objects in the bucket, the principal should be "*", i.e., like this:

{
"Id": "Policy1380877762691",
"Statement": [
    {
        "Sid": "Stmt1380877761162",
        "Action": [
            "s3:GetObject"
        ],
        "Effect": "Allow",
        "Resource": "arn:aws:s3:::<bucket-name>/*",
        "Principal": "*"
        }
    }
]

}

Source: http://docs.aws.amazon.com/IAM/latest/UserGuide/AccessPolicyLanguage_ElementDescriptions.html#Principal

查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(6)