使用AWS re:Post即您表示您同意 AWS re:Post 使用条款
AWS re:Postre:Post

S3, Error executing "PutObject"

0

Hello. I was changing user rights (IAM) and broke something. Now my site is not uploading images to S3.

I use CloudFront ..

Error executing "PutObject" on "https://s3.eu-central-1.amazonaws.com/.../iblocks/31001/img/31001.png"; AWS HTTP error: Client error: `PUT https://s3.eu-central-1.amazonaws.com/.../iblocks/31001/img/31001.png` resulted in a `403 Forbidden` response:
<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>InvalidAccessKeyId</Code><Message>The AWS Access Key Id you provided (truncated...)
InvalidAccessKeyId (client): The AWS Access Key Id you provided does not exist in our records. - <?xml version="1.0" encoding="UTF-8"?>
<Error><Code>InvalidAccessKeyId</Code><Message>The AWS Access Key Id you provided does not exist in our records.</Message><AWSAccessKeyId>AKIAQ2UKU7ZBF5ATGKPA</AWSAccessKeyId><RequestId>YSJ3RF5Z0GZ0ZR88</RequestId>

Bucket policy:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::...:user/superadmin"
            },
            "Action": "s3:*",
            "Resource": [
                "arn:aws:s3:::backet",
                "arn:aws:s3:::backet/*"
            ]
        }
    ]
}
主题
存储安全、身份和合规性
标签
亚马逊简单存储服务 (S3)IAM 策略
语言
English
rePost-User-1980772
已提问 1 年前2600 查看次数
2 回答
1

The error message is saying that your IAM access key is either invalid (formatting issue, maybe?) or it isn't valid (it has been revoked from within the console). You can generate a new IAM access key in the console and then put it into your application.

Given that you've put the access key out in public, I'd be cancelling it anyway. While it's only one half of your credentials it's better to keep both parts (the access key and the secret access key) confidential.

Note that we discourage the use of long-lived credentials - if possible! It's much better security practice. https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html

profile pictureAWS
专家
Brettski-AWS
已回答 1 年前
  • rePost-User-1980772
    1 年前

    Thanks, but I created new IAM access keys in the console. It doesn't help.

  • rePost-User-1980772
    1 年前

    I added info about Bucket policy in my question

  • Brettski-AWS 专家
    1 年前

    This isn't an issue with the bucket policy - that would give you an "Access Denied" error.

  • rePost-User-1980772
    1 年前

    Maby it is about Object Ownership in AWS? Or maby some cache in the AWS or the server. How can i check with which keys i use AWS through SDK PHP (some logs).

  • rePost-User-1980772
    1 年前

    I deployed the site locally, the images began to upload successfully. It seems AWS stopped liking my server.

0

Why is Action "Action": "s3:*". Shouldn't it be s3:PutObject and s3:GetObject?

https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-bucket-policies.html

jschwar313
已回答 1 年前

您未登录。 登录 发布回答。

一个好的回答可以清楚地解答问题和提供建设性反馈,并能促进提问者的职业发展。

回答问题的准则

相关内容