AWS CLI S3 A client error (403) occurred when calling the HeadObject operation: Forbidden


I'm trying to set up an Amazon Linux AMI (ami-f0091d91) and have a script that runs a copy command to copy from an S3 bucket.

 aws --debug s3 cp s3://aws-codede         


        
21 answers
  • 2020-12-03 04:49
    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "AllowAllS3ActionsInUserFolder",
                "Effect": "Allow",
                "Action": [
                    "s3:*"
                ],
                "Resource": [
                    "arn:aws:s3:::your_bucket_name",
                    "arn:aws:s3:::your_bucket_name/*"
                ]
            }
        ]
    }
    

    Adding both "arn:aws:s3:::your_bucket_name" and "arn:aws:s3:::your_bucket_name/*" to the policy configuration fixed the issue for me.

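Why both ARNs in the first answer matter, as an added example that is not part of the original answer: a simplified offline evaluator for identity-policy statements showing that `aws s3 cp` needs `s3:GetObject` on the object ARN and `s3:ListBucket` on the bucket ARN, and that a read-only policy is enough without `s3:*`. It ignores Condition, NotAction/NotResource, bucket policies and SCPs; the key `app/bundle.zip` and all function and constant names are made up for illustration.

```python
import re

def _as_list(v):
    return v if isinstance(v, list) else [v]

def _wild(pattern, value, ignore_case=False):
    # IAM wildcards: '*' matches any run of characters, '?' exactly one.
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, value, re.I if ignore_case else 0) is not None

def allowed(policy, action, resource):
    """Identity-policy check: explicit Deny wins, otherwise any matching Allow.
    Simplified: ignores Condition, NotAction/NotResource, bucket policies, SCPs."""
    verdict = False
    for st in _as_list(policy["Statement"]):
        hit = (any(_wild(a, action, True) for a in _as_list(st.get("Action", [])))
               and any(_wild(r, resource) for r in _as_list(st.get("Resource", []))))
        if hit and st["Effect"] == "Deny":
            return False
        verdict = verdict or (hit and st["Effect"] == "Allow")
    return verdict

def diagnose_cp(policy, bucket, key):
    """Predict the outcome of `aws s3 cp s3://bucket/key .` (HeadObject, then GetObject)."""
    # HeadObject and GetObject are both authorized by s3:GetObject on the object ARN.
    if not allowed(policy, "s3:GetObject", f"arn:aws:s3:::{bucket}/{key}"):
        return "403"
    # Without s3:ListBucket on the bucket ARN, S3 answers 403 (not 404) for a missing key.
    if not allowed(policy, "s3:ListBucket", f"arn:aws:s3:::{bucket}"):
        return "ok-if-key-exists-else-403"
    return "ok"

def _policy(*statements):
    # Build a constructed sample policy from (Action, Resource) pairs, all Effect=Allow.
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": a, "Resource": r} for a, r in statements]}

B = "arn:aws:s3:::your_bucket_name"                  # placeholder bucket from the answer
BUCKET_ONLY = _policy(("s3:*", B))                   # object ARN missing
OBJECTS_ONLY = _policy(("s3:*", B + "/*"))           # bucket ARN missing
BOTH_WILDCARD = _policy(("s3:*", [B, B + "/*"]))     # the answer's policy
LEAST_PRIV = _policy(("s3:GetObject", B + "/*"), ("s3:ListBucket", B))  # read-only

if __name__ == "__main__":
    for name in ("BUCKET_ONLY", "OBJECTS_ONLY", "BOTH_WILDCARD", "LEAST_PRIV"):
        print(f"{name:14}", diagnose_cp(globals()[name], "your_bucket_name", "app/bundle.zip"))
```

`LEAST_PRIV` gives the same result for the download as the `s3:*` policy while refusing writes and deletes.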
  • 2020-12-03 04:53

    403 - means I know who you are but you are not authorized to do what you are asking.

    In my case, the problem was in a policy - I didn't choose an object when I specified the policy in the Visual Editor.

  • 2020-12-03 04:54

    I was getting a 403 on HEAD requests while the GET requests were working. It turned out to be the CORS config in S3 permissions. I had to add HEAD:

    <?xml version="1.0" encoding="UTF-8"?>
    <CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
    <CORSRule>
        <AllowedOrigin>*</AllowedOrigin>
        <AllowedMethod>HEAD</AllowedMethod>
        <AllowedMethod>PUT</AllowedMethod>
        <AllowedMethod>POST</AllowedMethod>
        <AllowedMethod>GET</AllowedMethod>
        <AllowedHeader>*</AllowedHeader>
    </CORSRule>
    </CORSConfiguration>
    
  • 2020-12-03 04:56

    I figured it out. I had an error in my CloudFormation template that was creating the EC2 instances. As a result, the EC2 instances that were trying to access the above CodeDeploy buckets were in different regions (not us-west-2). It seems like the access policies on the buckets (owned by Amazon) only allow access from the region they belong in. When I fixed the error in my template (it was a wrong parameter map), the error disappeared.

  • 2020-12-03 04:56

    I have also experienced this scenario.

    I have a bucket with a policy that uses AWS4-HMAC-SHA256. Turns out my awscli was not updated to the latest version. Mine was aws-cli/1.10.8. Upgrading it solved the problem.

    pip install awscli --upgrade --user

    https://docs.aws.amazon.com/cli/latest/userguide/installing.html

  • 2020-12-03 04:57

    One of the reasons for this could be if you try accessing buckets of a region which requires V4-Signing. Try explicitly providing the region, as --region cn-north-1
