1. 技术文章
  2. Amazon s3 – 403 Forbidden with Correct Bucket Policy

Amazon s3 – 403 Forbidden with Correct Bucket Policy

雨燕双飞 提交于 2019-12-23 10:59:56

问题


I'm trying to make all of the images I've stored in my s3 bucket publicly readable, using the following bucket policy. 

{
"Id": "Policy1380877762691",
"Statement": [
    {
        "Sid": "Stmt1380877761162",
        "Action": [
            "s3:GetObject"
        ],
        "Effect": "Allow",
        "Resource": "arn:aws:s3:::<bucket-name>/*",
        "Principal": {
            "AWS": [
                "*"
            ]
        }
    }
]

}

I have 4 other similar s3 buckets with the same bucket policy, but I keep getting 403 errors.

The images in this bucket were transferred using s3cmd sync as I'm trying to migrate the contents of the bucket to a new account.

The only difference that I can see is that

  1. i'm using an IAM user with admin access, instead of the root user
  2. the files dont have a "grantee : everyone open/download file" permission on each of the files, something the files had in the old bucket

回答1:


If you want everyone to access your S3 objects in the bucket, the principal should be "*", i.e., like this:

{
"Id": "Policy1380877762691",
"Statement": [
    {
        "Sid": "Stmt1380877761162",
        "Action": [
            "s3:GetObject"
        ],
        "Effect": "Allow",
        "Resource": "arn:aws:s3:::<bucket-name>/*",
        "Principal": "*"
        }
    }
]

}

Source: http://docs.aws.amazon.com/IAM/latest/UserGuide/AccessPolicyLanguage_ElementDescriptions.html#Principal




回答2:


I've managed to solve it by running the s3cmd command again but adding --acl-public to the end of it. Seems to have fixed my issue




回答3:


I Know this is an old question, but for whoever is having this issue and working from the AWS Console. Go to the bucket in AWS S3 console:

  1. Open the permissions tab.
  2. Open Public Access settings.
  3. Click edit

Then in the editing page :

  1. Uncheck Block new public bucket policies (Recommended)
  2. Uncheck Block public and cross-account access if bucket has public policies (Recommended)
  3. Click save

CAUTION

PLEASE NOTE THAT THIS WILL MAKE YOUR BUCKET ACCESSIBLE BY ANYONE ON THE INTERNET, EVENT IF THEY DO NOT HAVE AN AWS ACCOUNT, THEY STILL CAN ACCESS THE BUCKET AND THE BUCKET'S CONTENTS. PLEASE HANDLE WITH CAUTION!




回答4:


From AWS Documentation
http://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html

{
  "Version":"2012-10-17",
  "Statement":[
    {
      "Sid":"AddPerm",
      "Effect":"Allow",
      "Principal": "*",
      "Action":["s3:GetObject"],
      "Resource":["arn:aws:s3:::examplebucket/*"]
    }
  ]
}

Not sure if the order or attributes matter here. I would give this one a try.



来源:https://stackoverflow.com/questions/31593047/amazon-s3-403-forbidden-with-correct-bucket-policy

标签
amazon-web-services
amazon-s3
permissions
s3cmd
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!