Why am I getting an Access Denied error when I open the URL to an Amazon S3 object that I have access to?

2 minute read

I have permission to access an object in Amazon Simple Storage Service (Amazon S3) bucket. I opened the URL in the Amazon S3 console for that object. However, I got an Access Denied error message. How can I fix this?

Short description

The URL to the Amazon S3 object doesn't include your user credentials, so the request to the object is anonymous. Amazon S3 returns an Access Denied error for anonymous requests to objects that aren't public.


Note: If you receive errors when running AWS Command Line Interface (AWS CLI) commands, make sure that you’re using the most recent version of the AWS CLI.

Do one of the following:

Download the object using the Amazon S3 console, AWS CLI, AWS SDKs, or REST API. For instructions, see Downloading an object.


Include the user credentials in the object request using a presigned URL. For instructions, see Sharing objects using presigned URLs.

Important: It's a security best practice to keep objects private and to set up users with a presigned URL for authenticated requests to access objects. However, if your use case supports public read access to your objects that requires you to access using the URL, then modify the objects permission. To set up public read access to the object, see Granting read-only permission to an anonymous user.

Related information

Configuring ACLs

Identity and access management in Amazon S3

AWS OFFICIALUpdated 3 years ago