I'm trying to set up an Amazon Linux AMI (ami-f0091d91) and have a script that runs a copy command to copy from an S3 bucket.
aws --debug s3 cp s3://aws-codede
In my case the problem was the Resource statement in the user access policy.
First we had "Resource": "arn:aws:s3:::BUCKET_NAME", but in order to have access to objects within a bucket you need a /* at the end:
"Resource": "arn:aws:s3:::BUCKET_NAME/*"
From the AWS documentation:
Bucket access permissions specify which users are allowed access to the objects in a bucket and which types of access they have. Object access permissions specify which users are allowed access to the object and which types of access they have. For example, one user might have only read permission, while another might have read and write permissions.
When I faced this issue, I discovered that my problem was that the files in the 'Source Account' were copied there by a 'third party' and the Owner was not the Source Account.
I had to recopy the objects to themselves in the same bucket with the --metadata-directive REPLACE
Detailed explanation in Amazon Documentation
I got this fixed by setting the system time correctly.
Ensure the AWS bucket region is right and your system time matches the AWS region time.
If running in an environment where the credential/role is not clear, be sure you included the --profile=yourprofile flag so the CLI knows what credentials to use. For example:
aws s3 cp s3://yourbucket destination.txt --profile=yourprofile
will succeed while the following yielded the HeadObject error
aws s3 cp s3://yourbucket destination.txt
The profile settings reference entries in your config and credentials files.
Permissions
You need the s3:GetObject permission for this operation. For more information, see Specifying Permissions in a Policy. If the object you request does not exist, the error Amazon S3 returns depends on whether you also have the s3:ListBucket permission.
If you have the s3:ListBucket permission on the bucket, Amazon S3 returns an HTTP status code 404 ("no such key") error. If you don’t have the s3:ListBucket permission, Amazon S3 returns an HTTP status code 403 ("access denied") error.
The following operation is related to HeadObject:
GetObject
Source: https://docs.aws.amazon.com/AmazonS3/latest/API/API_HeadObject.html
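Added example (not part of the original answers or the AWS documentation): a simplified model of how the Resource ARN in an identity policy decides the HeadObject result described in the answers above, covering both the missing /* case and the 403 versus 404 distinction. The policies, key name and helper functions are constructed for illustration; bucket policies, ACLs, object ownership, explicit Deny and Condition are not modeled.

```python
import fnmatch

# Constructed policies (not from the page). BROKEN grants GetObject on the
# bucket ARN only, the mistake described above; FIXED adds the /* object ARN.
BROKEN = {"Statement": [{"Effect": "Allow",
                         "Action": ["s3:GetObject", "s3:ListBucket"],
                         "Resource": "arn:aws:s3:::BUCKET_NAME"}]}
FIXED = {"Statement": [{"Effect": "Allow",
                        "Action": ["s3:GetObject", "s3:ListBucket"],
                        "Resource": ["arn:aws:s3:::BUCKET_NAME",
                                     "arn:aws:s3:::BUCKET_NAME/*"]}]}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def allows(policy, action, arn):
    """True if an Allow statement matches both the action and the ARN.

    Simplification (assumption): Deny, NotAction, NotResource and Condition
    are ignored, and fnmatch stands in for IAM wildcard matching.
    """
    for stmt in _as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        act_ok = any(fnmatch.fnmatchcase(action.lower(), a.lower())
                     for a in _as_list(stmt.get("Action", [])))
        res_ok = any(fnmatch.fnmatchcase(arn, r)
                     for r in _as_list(stmt.get("Resource", [])))
        if act_ok and res_ok:
            return True
    return False


def head_object_status(policy, bucket, key, key_exists):
    """Predict the HeadObject HTTP status from this identity policy alone."""
    bucket_arn = f"arn:aws:s3:::{bucket}"
    if not allows(policy, "s3:GetObject", f"{bucket_arn}/{key}"):
        return 403  # object-level permission missing, e.g. no /* resource
    if key_exists:
        return 200
    # Missing key: 404 only if s3:ListBucket is allowed on the bucket ARN.
    return 404 if allows(policy, "s3:ListBucket", bucket_arn) else 403


if __name__ == "__main__":
    for name, pol in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, head_object_status(pol, "BUCKET_NAME", "file.txt", True))
```

Note that s3:ListBucket is evaluated against the bucket ARN and s3:GetObject against the object ARN, which is why the corrected policy lists both resources.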
I got this error with a misconfigured test event. I changed the source bucket's ARN but forgot to edit the default S3 bucket name.
I.e. make sure that in the bucket section of the test event both the ARN and bucket name are set correctly:
"bucket": {
    "arn": "arn:aws:s3:::your_bucket_name",
    "name": "your_bucket_name",
    "ownerIdentity": {
        "principalId": "EXAMPLE"
    }