Inaccessible item in my bucket

0

Hi!

My user has the AmazonS3FullAccess policy attached and I'm able to aws s3 cp s3://bucket/private/maxresdefault_1.jpg

But there are some items in the root of that bucket where I get this error:

aws s3api get-object-acl --bucket bucket --key zyg5cjuQ004SN
An error occurred (AccessDenied) when calling the GetObjectAcl operation: Access Denied

If I use the AWS web console and go to the permissions of this very file with my root user, I get: You don’t have permission to get object ACL

The policy for this bucket is:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Statement1",
      "Effect": "Allow",
      "Principal": "",
      "Action": "s3:",
      "Resource": "arn:aws:s3:::bucket/*"
    }
  ]
}

What's wrong here? And how do I get access to those files? Why is the root user blocked?

2 Answers
2
Accepted Answer

Sounds like you have ACLs enabled on the bucket instead of the recommended "Disable ACL" setting, where the bucket owner owns all objects.

It could be that a file was copied in from a different AWS account and because ACLs are enabled, the account that copied the object in has an ACL set on it.

Bucket and object permissions are independent of each other. An object does not inherit the permissions from its bucket. For example, if you create a bucket and grant write access to a user, you can't access that user’s objects unless the user explicitly grants you access.

Useful page here: https://docs.aws.amazon.com/AmazonS3/latest/userguide/managing-acls.html

EXPERT
answered 13 days ago
EXPERT
reviewed 13 days ago
  • Thanks! That did the trick.
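
A triage check for the situation the accepted answer describes, as an added example that is not part of the original thread: it reads the JSON printed by aws s3api get-bucket-ownership-controls, get-bucket-acl and list-objects-v2 --fetch-owner and reports keys owned by an account other than the bucket owner. The sample outputs, canonical IDs and function names are constructed for illustration, and a missing ownership rule is assumed to mean ObjectWriter.

```python
import json

# Constructed sample outputs (canonical IDs are made-up placeholders), shaped like:
#   aws s3api get-bucket-ownership-controls --bucket bucket
#   aws s3api get-bucket-acl --bucket bucket
#   aws s3api list-objects-v2 --bucket bucket --fetch-owner
OWNERSHIP_JSON = '{"OwnershipControls": {"Rules": [{"ObjectOwnership": "ObjectWriter"}]}}'
BUCKET_ACL_JSON = '{"Owner": {"ID": "aaaa1111-constructed-bucket-owner"}, "Grants": []}'
LISTING_JSON = """{"Contents": [
  {"Key": "private/maxresdefault_1.jpg", "Owner": {"ID": "aaaa1111-constructed-bucket-owner"}},
  {"Key": "zyg5cjuQ004SN", "Owner": {"ID": "bbbb2222-constructed-other-account"}}
]}"""


def object_ownership(ownership_json):
    """Return the bucket's ObjectOwnership setting.

    Assumption: no rule present is treated as ObjectWriter (ACLs enabled).
    """
    rules = json.loads(ownership_json).get("OwnershipControls", {}).get("Rules", [])
    return rules[0]["ObjectOwnership"] if rules else "ObjectWriter"


def foreign_objects(bucket_acl_json, listing_json):
    """Return keys whose owner canonical ID differs from the bucket owner's."""
    bucket_owner = json.loads(bucket_acl_json)["Owner"]["ID"]
    foreign = []
    for obj in json.loads(listing_json).get("Contents", []):
        if "Owner" not in obj:
            # Without --fetch-owner the listing carries no owner to compare.
            raise ValueError("listing has no Owner field; rerun with --fetch-owner")
        if obj["Owner"]["ID"] != bucket_owner:
            foreign.append(obj["Key"])
    return foreign


def triage(ownership_json, bucket_acl_json, listing_json):
    """Summarise whether object ACLs apply and which keys another account owns."""
    setting = object_ownership(ownership_json)
    acls_enabled = setting != "BucketOwnerEnforced"
    # With BucketOwnerEnforced, ACLs are disabled and do not affect access.
    keys = foreign_objects(bucket_acl_json, listing_json) if acls_enabled else []
    return {"object_ownership": setting, "acls_enabled": acls_enabled,
            "foreign_owned_keys": keys}


if __name__ == "__main__":
    print(json.dumps(triage(OWNERSHIP_JSON, BUCKET_ACL_JSON, LISTING_JSON), indent=2))
```

The setting the accepted answer recommends is BucketOwnerEnforced, applied with aws s3api put-bucket-ownership-controls; with it the bucket owner owns every object and ACLs no longer affect access.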

0

To troubleshoot this issue, you can try the following steps:

Check Object ACL: Use the AWS Management Console or the aws s3api get-object-acl command to inspect the ACL for the specific object (zyg5cjuQ004SN). Look for any explicit deny entries that might be preventing access.

Ensure that there are no conflicting policies or explicit deny statements in the bucket policy that might be overriding the intended permissions.

If there are IAM policies attached to your user or any IAM roles that grant access to the S3 bucket, review them to ensure there are no conflicting permissions.

After doing the above checks, I suggest you reach out to AWS Support for further assistance. They can help troubleshoot the permissions issue and provide guidance on resolving it.

EXPERT
answered 13 days ago
