• Register
0 votes
577 views

Problem :

I have coded one example for how to grant the user access to just one bucket.

After that I tested the config using my W3 Total Cache Wordpress plugin. However my test failed.

I also tried by reproducing the issue using below command :

aws s3 cp --acl=public-read --cache-control='max-age=604800, public' ./test.txt s3://my-bucket/

and that also failed with below error :

upload failed: ./test.txt to s3://my-bucket/test.txt A client error (AccessDenied) occurred when calling the PutObject operation: Access Denied

How can I upload to my bucket?

6 5 3
7,540 points

1 Answer

0 votes

Solution :

I also had the similar issue while uploading to the S3 bucket protected with the KWS encryption. I have the minimal policy that allows the addition of objects under the specific s3 key.

I needed to add the below listed KMS permissions to my policy to allow the role to put the objects in the bucket.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "kms:ListKeys",
                "kms:GenerateRandom",
                "kms:ListAliases",
                "s3:PutAccountPublicAccessBlock",
                "s3:GetAccountPublicAccessBlock",
                "s3:ListAllMyBuckets",
                "s3:HeadBucket"
            ],
            "Resource": "*"
        },
        {
            "Sid": "VisualEditor1",
            "Effect": "Allow",
            "Action": [
                "kms:ImportKeyMaterial",
                "kms:ListKeyPolicies",
                "kms:ListRetirableGrants",
                "kms:GetKeyPolicy",
                "kms:GenerateDataKeyWithoutPlaintext",
                "kms:ListResourceTags",
                "kms:ReEncryptFrom",
                "kms:ListGrants",
                "kms:GetParametersForImport",
                "kms:TagResource",
                "kms:Encrypt",
                "kms:GetKeyRotationStatus",
                "kms:GenerateDataKey",
                "kms:ReEncryptTo",
                "kms:DescribeKey"
            ],
            "Resource": "arn:aws:kms:<MY-REGION>:<MY-ACCOUNT>:key/<MY-KEY-GUID>"
        },
        {
            "Sid": "VisualEditor2",
            "Effect": "Allow",
            "Action": [
            <The S3 actions>
            ],
            "Resource": [
                "arn:aws:s3:::<MY-BUCKET-NAME>",
                "arn:aws:s3:::<MY-BUCKET-NAME>/<MY-BUCKET-KEY>/*"
            ]
        }
    ]
}

 

9 7 4
38,600 points

Related questions

0 votes
1 answer 494 views
494 views
Problem : I am facing following error : An error occurred (AccessDenied) when calling the ListObjects operation: Access Denied Whenever I tried to get folder from my S5 bucket using following command : aws s5 cp s5://bucket-name/data/all-data/ . --recursive My IAM permissions for the ... ": [ "arn:aws:s5:::bucketname/*" ] } ] } What should I update to be able to execute copy and ls successfully?
asked Dec 5, 2019 alecxe 7.5k points
0 votes
1 answer 1.6K views
1.6K views
Problem : I want to setup the Amazon Linux AMI(ami-f0091d91) also I have the script that runs a copy command to copy from the S3 bucket as follows: aws --debug s3 cp s3://aws-codedeploy-us-west-2/latest/codedeploy-agent.noarch.rpm . ... awscli.customizations.s3.s3handler - DEBUG - Exception caught during task execution: A client error (403) occurred when calling the HeadObject operation: Forbidden
asked Dec 9, 2019 alecxe 7.5k points
0 votes
1 answer 10 views
10 views
Problem: I am trying to create a Security Group using the AWS SDK but it is failing to authenticate it. For a very specific Access Key and Secret Key I have already provided the Administrative rights and then also it fails to validate. I also tried ... .java:1146) at com.sunil.demo.ec2.SetupEC2.createSecurityGroup(SetupEC2.java:84) at com.sunil.demo.ec2.SetupEC2.main(SetupEC2.java:25)
asked Aug 24 Raphael Pacheco 4.9k points
0 votes
0 answers 40 views
40 views
Problem: I have only managed to have the elementary knowledge on AWS. Currently I am trying to download all of the available files from the s3 bucket to the local machine. I have already installed AWS cli. After that I have tried to use the aws configure to ... the ListObjectsV2 operation: The AWS Access Key Id you provided does not exist in our records. Kindly guide me in fixing above AWS error.
asked Jun 22 Raphael Pacheco 4.9k points
0 votes
1 answer 23 views
23 views
Problem: Currently I am trying to run the DMelt programs with the help of Java9 (JDK9) but it is giving me the errors as: WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by org.python.core.PySystemState (file:/dmelt/jehep/lib/jython/jython. ... to a last line of my script "dmelt.sh". I am using the bash in Linux, but it is not fixing this problem.
asked Sep 8 Raphael Pacheco 4.9k points