Please help me how to resolve this 403 Forbidden error on my images stored in S3. I already checked this resource: https://repost.aws/knowledge-center/s3-403-forbidden-error in the knowledge base but nothing has changed. The IAM role has the full S3 access, the "Block Public Access" is turned off, I have the following in stated in the bucket policy:
{
"Version": "2008-10-17",
"Statement": [
{
"Sid": "eb-af163bf3-d27b-4712-b795-d1e33e331ca4",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::4177xxxxxxxx:role/PinoyAgriSite-Role"
},
"Action": [
"s3:ListBucket",
"s3:ListBucketVersions",
"s3:GetObject",
"s3:GetObjectVersion"
],
"Resource": [
"arn:aws:s3:::elasticbeanstalk-ap-southeast-1-4177xxxxxxxx",
"arn:aws:s3:::elasticbeanstalk-ap-southeast-1-4177xxxxxxxx/resources/environments/*",
"arn:aws:s3:::elasticbeanstalk-ap-southeast-1-4177xxxxxxxx/S3-Uploads-Media/*"
]
},
{
"Sid": "eb-58950a8c-feb6-11e2-89e0-0800277d041b",
"Effect": "Deny",
"Principal": {
"AWS": "*"
},
"Action": "s3:DeleteBucket",
"Resource": "arn:aws:s3:::elasticbeanstalk-ap-southeast-1-4177xxxxxxxx"
}
]
}
I have the following in the CORS:
[
{
"AllowedHeaders": [
"*"
],
"AllowedMethods": [
"GET"
],
"AllowedOrigins": [
"https://pinoyagri.com"
],
"ExposeHeaders": [],
"MaxAgeSeconds": 3000
}
]
I also have the necessary permissions in ACL, I didn't set up for AWS KMS, I don't use AWS Organizations, and I also don't have settings in the policy that deny uploading to my bucket. Any idea what am I missing? Thanks!
Public block access is also an account-level setting, so please make sure it is turned off by following the steps in the document below. https://docs.aws.amazon.com/AmazonS3/latest/userguide/configuring-block-public-access-account.html
Thank you for guiding me Riku! I checked again and I can see that "Block Public Access" is completely turned off overall. As for the error, I checked the www-error.log and this is what I found "[06-Oct-2023 01:07:12 UTC] PHP Notice: getimagesize(): Error reading from s3://elasticbeanstalk-ap-southeast-1-417xxxxxxxxx/S3-Uploads-Media/uploads/2023/10/composer-258.png! in /var/app/current/wp-includes/media.php on line 5307 [06-Oct-2023 01:07:13 UTC] PHP Notice: exif_imagetype(): Error reading from s3://elasticbeanstalk-ap-southeast-1-417xxxxxxxxx/S3-Uploads-Media/uploads/2023/10/composer-258.png! in /var/app/current/wp-includes/functions.php on line 3268 [06-Oct-2023 01:07:13 UTC] PHP Notice: getimagesize(): Error reading from s3://elasticbeanstalk-ap-southeast-1-417xxxxxxxxx/S3-Uploads-Media/uploads/2023/10/composer-258.png! in /var/app/current/wp-includes/media.php on line 5305 [06-Oct-2023 01:07:13 UTC] PHP Notice: exif_imagetype(): Error reading from s3://elasticbeanstalk-ap-southeast-1-417xxxxxxxxx/S3-Uploads-Media/uploads/2023/10/composer-258.png! in /var/app/current/wp-includes/functions.php on line 3268 [06-Oct-2023 01:07:13 UTC] PHP Notice: getimagesize(): Error reading from /tmp/composer-258-UYJzqn.tmp! in /var/app/current/wp-includes/media.php on line 5307 [06-Oct-2023 01:07:13 UTC] PHP Notice: exif_imagetype(): Error reading from /tmp/composer-258-UYJzqn.tmp! in /var/app/current/wp-includes/functions.php on line 3268"
When I checked in the browser developer console, I see the status code is "403 Forbidden". When try to load the URL: https://elasticbeanstalk-ap-southeast-1-4177xxxxxxxx.s3.amazonaws.com/S3-Uploads-Media/uploads/2023/10/guest-details.png in the browser, this is the result "<Error> <Code>AccessDenied</Code> <Message>Access Denied</Message> <RequestId>xx2WD9xxxxxxxxxx</RequestId> <HostId>xxxxxxxxxxxx6zZHZpxbNzmayWD992000fVfk0eavQVUvwDXgSW/Q/2qBT6xrc14xxxxxxxxxxx=</HostId> </Error>"
Thank you for checking the log. What happens once I try to delete the bucket policy? If you can now display images after deleting the bucket policy, there is a problem with the bucket policy.
To access this object URL, you need to set the bucket policy to allow getobject from all sources.