Still, the S3 bucket policy is difficult to interpret. The JSON is not in the correct format, and the S3 ARNs under the resources do not look good, such as "Resource": "arn.aws:3:.raw/*" (which seems incomplete and incorrect).
Generally, a 403 Forbidden error in Amazon S3 occurs for various reasons:
-> If your bucket is encrypted and IAM users/roles do not have permission to use the KMS (AWS Key Management Service) key.
-> If there is an explicit deny in the bucket policy for specific IAM users or roles.
-> If certain permissions that users need are missing. For example, the bucket policy doesn’t include permission for the s3:PutObject action. If the IAM user tries to upload objects, then the user gets an Access Denied error.
-> An AWS Organizations service control policy doesn't allow access to Amazon S3.
-> Other policy errors:
- Check that there aren’t any extra spaces, special characters, or incorrect ARNs in the bucket policy or IAM user policies.
For example, if an IAM policy has an extra space in the Amazon Resource Name (ARN) as follows: arn:aws:s3::: DOC-EXAMPLE-BUCKET/*. In this case, the ARN is then incorrectly evaluated as arn:aws:s3:::%20DOC-EXAMPLE-BUCKET/ and gives the IAM user an access denied error.
There are several public AWS documents on this. You can refer to the document below and see if it helps.
https://docs.aws.amazon.com/AmazonS3/latest/userguide/troubleshoot-403-errors.html
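A small linter for the policy problems listed in the answer above (invalid JSON, malformed or space-containing ARNs, object actions without an object-level resource), added here as an illustration; it is not part of the original answer or of any AWS tooling. The function name, the sample policy and the placeholder principal are constructed for the example.

```python
import json
import re
from fnmatch import fnmatchcase

# arn:<partition>:s3:::<bucket>[/<key pattern>]
S3_ARN = re.compile(r"^arn:(aws|aws-cn|aws-us-gov):s3:::[^/\s]+(/.*)?$")
OBJECT_ACTIONS = ("s3:getobject", "s3:putobject", "s3:deleteobject")

def as_list(value):
    return value if isinstance(value, list) else [value]

def lint_bucket_policy(text):
    """Return findings for a bucket policy supplied as a JSON string."""
    try:
        policy = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON: {exc.msg} (line {exc.lineno})"]
    if not isinstance(policy, dict):
        return ["invalid policy: top level must be a JSON object"]
    findings = []
    for i, stmt in enumerate(as_list(policy.get("Statement", []))):
        resources = as_list(stmt.get("Resource", []))
        actions = [a.lower() for a in as_list(stmt.get("Action", []))]
        for arn in resources:
            # Whitespace before the key part is never valid in an S3 ARN.
            if arn != arn.strip() or re.search(r"\s", arn.split("/", 1)[0]):
                findings.append(f"statement {i}: whitespace in ARN {arn!r}")
            elif arn != "*" and not S3_ARN.match(arn):
                findings.append(f"statement {i}: malformed S3 ARN {arn!r}")
        if stmt.get("Effect") == "Deny":
            findings.append(f"statement {i}: explicit Deny, check who it matches")
        # Object actions act on keys, so they need a bucket/<key> resource;
        # "bucket/*" also covers nested prefixes because * matches "/".
        on_keys = any(fnmatchcase(o, a) for a in actions for o in OBJECT_ACTIONS)
        if on_keys and not any("/" in r or r == "*" for r in resources):
            findings.append(f"statement {i}: object action without bucket/* resource")
    return findings

# Constructed sample (not the poster's policy): a malformed ARN, an ARN with a
# stray space, and s3:GetObject granted on the bucket ARN only.
WHO = {"AWS": "arn:aws:iam::111122223333:user/example"}  # placeholder principal
SAMPLE = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": WHO, "Action": a, "Resource": r}
    for a, r in [("s3:PutObject", "arn.aws:3:.raw/*"),
                 ("s3:GetObject", "arn:aws:s3::: DOC-EXAMPLE-BUCKET/*"),
                 ("s3:GetObject", "arn:aws:s3:::DOC-EXAMPLE-BUCKET")]]})

if __name__ == "__main__":
    print("\n".join(lint_bucket_policy(SAMPLE)))
```

An empty result only means these specific checks passed; KMS key permissions and service control policies are evaluated outside the bucket policy and are not covered here.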
I’m trying to fetch the files from nested folders. How should the policy be?
Hi, your bucket policy is a mess and really hard to interpret. Can you copy and paste your current bucket policy from the S3 bucket permissions page?
I have updated the bucket policy; let me know any guidance on how to overcome the exception.
Did you really copy & paste this from your actual bucket policy? The bucket policy is not even valid JSON...
First of all, you need to learn the correct policy syntax in the IAM User Guide and S3 User Guide.