• Register
0 votes
706 views

Problem :

I have coded one example for how to grant the user access to just one bucket.

After that I tested the config using my W3 Total Cache Wordpress plugin. However my test failed.

I also tried by reproducing the issue using below command :

aws s3 cp --acl=public-read --cache-control='max-age=604800, public' ./test.txt s3://my-bucket/

and that also failed with below error :

upload failed: ./test.txt to s3://my-bucket/test.txt A client error (AccessDenied) occurred when calling the PutObject operation: Access Denied

How can I upload to my bucket?

6 5 3
7,540 points

Please log in or register to answer this question.

1 Answer

0 votes

Solution :

I also had the similar issue while uploading to the S3 bucket protected with the KWS encryption. I have the minimal policy that allows the addition of objects under the specific s3 key.

I needed to add the below listed KMS permissions to my policy to allow the role to put the objects in the bucket.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "kms:ListKeys",
                "kms:GenerateRandom",
                "kms:ListAliases",
                "s3:PutAccountPublicAccessBlock",
                "s3:GetAccountPublicAccessBlock",
                "s3:ListAllMyBuckets",
                "s3:HeadBucket"
            ],
            "Resource": "*"
        },
        {
            "Sid": "VisualEditor1",
            "Effect": "Allow",
            "Action": [
                "kms:ImportKeyMaterial",
                "kms:ListKeyPolicies",
                "kms:ListRetirableGrants",
                "kms:GetKeyPolicy",
                "kms:GenerateDataKeyWithoutPlaintext",
                "kms:ListResourceTags",
                "kms:ReEncryptFrom",
                "kms:ListGrants",
                "kms:GetParametersForImport",
                "kms:TagResource",
                "kms:Encrypt",
                "kms:GetKeyRotationStatus",
                "kms:GenerateDataKey",
                "kms:ReEncryptTo",
                "kms:DescribeKey"
            ],
            "Resource": "arn:aws:kms:<MY-REGION>:<MY-ACCOUNT>:key/<MY-KEY-GUID>"
        },
        {
            "Sid": "VisualEditor2",
            "Effect": "Allow",
            "Action": [
            <The S3 actions>
            ],
            "Resource": [
                "arn:aws:s3:::<MY-BUCKET-NAME>",
                "arn:aws:s3:::<MY-BUCKET-NAME>/<MY-BUCKET-KEY>/*"
            ]
        }
    ]
}

 

9 7 4
38,600 points

Related questions

0 votes
1 answer 799 views
799 views
Problem : I am facing following error : An error occurred (AccessDenied) when calling the ListObjects operation: Access Denied Whenever I tried to get folder from my S5 bucket using following command : aws s5 cp s5://bucket-name/data/all-data/ . --recursive My IAM permissions for the ... ": [ "arn:aws:s5:::bucketname/*" ] } ] } What should I update to be able to execute copy and ls successfully?
asked Dec 5, 2019 alecxe 7.5k points
0 votes
1 answer 2K views
2K views
Problem : I want to setup the Amazon Linux AMI(ami-f0091d91) also I have the script that runs a copy command to copy from the S3 bucket as follows: aws --debug s3 cp s3://aws-codedeploy-us-west-2/latest/codedeploy-agent.noarch.rpm . ... awscli.customizations.s3.s3handler - DEBUG - Exception caught during task execution: A client error (403) occurred when calling the HeadObject operation: Forbidden
asked Dec 9, 2019 alecxe 7.5k points
0 votes
1 answer 16 views
16 views
Problem: I am trying to create a Security Group using the AWS SDK but it is failing to authenticate it. For a very specific Access Key and Secret Key I have already provided the Administrative rights and then also it fails to validate. I also tried ... .java:1146) at com.sunil.demo.ec2.SetupEC2.createSecurityGroup(SetupEC2.java:84) at com.sunil.demo.ec2.SetupEC2.main(SetupEC2.java:25)
asked Aug 24, 2020 Raphael Pacheco 4.9k points
0 votes
0 answers 101 views
101 views
Problem: I have only managed to have the elementary knowledge on AWS. Currently I am trying to download all of the available files from the s3 bucket to the local machine. I have already installed AWS cli. After that I have tried to use the aws configure to ... the ListObjectsV2 operation: The AWS Access Key Id you provided does not exist in our records. Kindly guide me in fixing above AWS error.
asked Jun 22, 2020 Raphael Pacheco 4.9k points
0 votes
1 answer 27 views
27 views
Problem: Currently I am trying to run the DMelt programs with the help of Java9 (JDK9) but it is giving me the errors as: WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by org.python.core.PySystemState (file:/dmelt/jehep/lib/jython/jython. ... to a last line of my script "dmelt.sh". I am using the bash in Linux, but it is not fixing this problem.
asked Sep 8, 2020 Raphael Pacheco 4.9k points
0 votes
1 answer 274 views
274 views
Problem : I am currently facing an issue with MySQL! I am the cPanel user, and I am looking for the solution on my issue. It seems this is more specific than other people with the same error codes issues. Please find below my code for the reference: DELIMITER $$ ... from the code: MySQL said: Documentation #1227 - Access denied; you need (at least one of) the SUPER privilege(s) for this operation
asked Nov 21, 2019 peterlaw 6.9k points
0 votes
1 answer 104 views
104 views
Problem : I have searched on a web for over two days now, and probably have looked through most of a online documented scenarios and workarounds, but nothing realy worked for me so far. I am on a AWS SDK for PHP V2.8.7 running on PHP 5.3. I want to ... pass in the information (example: profile and including credentials in code) but nothing is working at the moment for me. Any solution on my error?
asked Jan 18, 2020 jwilliam 3.9k points
0 votes
1 answer 33 views
33 views
Problem: I am na&iuml;ve to Jenkins. I can run the Jenkins and it is successfully working with the Github account but I am simply unable to get it working properly with the Amazon S3. I have already installed a S3 plugin and if I run my build it successfully uploads to ... up in my root of my S3 account. Is it possible for someone to get my S3 plugin to upload and then retain my folder structure?
asked Aug 5, 2020 Raphael Pacheco 4.9k points