AWS S3 Bucket Permissions - Access Denied

Question

I am trying to give myself permission to download existing files in an S3 bucket. I\'ve modified the Bucket Policy, as follows:

        {
        \"Sid\": \"         


        

Answer 1

To clarify: It is really not documented well, but you need two access statements.

In addition to your statement that allows actions to resource "arn:aws:s3:::bucketname/AWSLogs/123123123123/*", you also need a second statement that allows ListBucket to "arn:aws:s3:::bucketname", because internally the Aws client will try to list the bucket to determine it exists before doing its action.

With the second statement, it should look like:

"Statement": [
    {
        "Sid": "someSID",
        "Action": "ActionThatYouMeantToAllow",
        "Effect": "Allow",
        "Resource": "arn:aws:s3:::bucketname/AWSLogs/123123123123/*",
        "Principal": {
            "AWS": [
                "arn:aws:iam::123123123123:user/myuid"
            ]
    },
    {
        "Sid": "someOtherSID",
        "Action": "ListBucket",
        "Effect": "Allow",
        "Resource": "arn:aws:s3:::bucketname",
        "Principal": {
            "AWS": [
                "arn:aws:iam::123123123123:user/myuid"
            ]
    }
]

Note: If you're using IAM, skip the "Principal" part.