Getting a ban on s3 when trying to upload a file

I have a bucket on s3, and the user is given full access to this bucket.

I can execute the command ls and see the files in the bucket, but downloading them fails:

A client error (403) occurred when calling the HeadObject operation: Forbidden

I also tried to do this by giving the user full S3 permissions through the IAM console. Same problem.

For reference, here is my IAM policy:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "s3:ListAllMyBuckets",
            "Resource": "arn:aws:s3:::*"
        },
        {
            "Effect": "Allow",
            "Action": "s3:*",
            "Resource": [
                "arn:aws:s3:::mybucket",
                "arn:aws:s3:::mybucket/*"
            ]
        }
    ]
}

I also tried to add the bucket policy, even making the bucket public, and still have not left ... also, from the console, I tried to set individual permissions on the files in the bucket and received an error saying that I can’t look at the bucket, which is strange, since I was viewing it from the console when a message appeared, and maybe ls something in the bucket.

EDIT , , . ...

2nd EDIT , , . , .

!

+6
3

, . , , / , . , AWS, ( ). ( A1) , (A2). - 1 , . 3 :

  • . $export AWS_DEFAULT_PROFILE=A2 , , ~/.aws/credentials ~/.aws/config [default]. .
  • : aws s3 cp foo s3://mybucket --profile A2
  • aws s3 cp foo s3://mybucket --acl bucket-owner-full-control ( ): aws s3 cp foo s3://mybucket --acl bucket-owner-full-control

, AWS. , , . , .., aws configure --profile Foo. .

( ), .

+5

, :

[...]
{
    "Effect": "Allow",
    "Principal": {
        "AWS": "arn:aws:iam::123456789012:user/their-user"
    },
    "Action": [
        "s3:PutObject",
        "s3:PutObjectAcl"
    ],
    "Resource": "arn:aws:s3:::my-bucket/*"
}

, , .

ACL . Python:

import boto3

client = boto3.client('s3')
local_file_path = '/home/me/data.csv'
bucket_name = 'my-bucket'
bucket_file_path = 'exports/data.csv'
# Upload with the canned ACL that grants the bucket owner full control of the object
client.upload_file(
    local_file_path,
    bucket_name,
    bucket_file_path,
    ExtraArgs={'ACL': 'bucket-owner-full-control'}
)

source: https://medium.com/artificial-industry/how-to-download-files-that-others-put-in-your-aws-s3-bucket-2269e20ed041 (disclaimer: written by me)

0
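Added example, not part of the original answers: a check over object ACLs, in the shape boto3's get_object_acl returns, that flags objects on which the bucket owner has no FULL_CONTROL grant, which is the condition the bucket-owner-full-control ACL above avoids. The canonical IDs, object keys and ACL contents are constructed sample data, and the function names are hypothetical.

```python
# Added example: find objects the bucket owner does not fully control.
# Each ACL dict mirrors the "Owner"/"Grants" shape of s3.get_object_acl().

BUCKET_OWNER_ID = "bucket-owner-canonical-id-constructed"  # constructed value
UPLOADER_ID = "uploader-canonical-id-constructed"          # constructed value


def owner_has_full_control(acl, bucket_owner_id):
    """True if the bucket owner owns the object or is granted FULL_CONTROL."""
    if acl.get("Owner", {}).get("ID") == bucket_owner_id:
        return True
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if (grantee.get("Type") == "CanonicalUser"
                and grantee.get("ID") == bucket_owner_id
                and grant.get("Permission") == "FULL_CONTROL"):
            return True
    return False


def find_inaccessible(acls_by_key, bucket_owner_id):
    """Sorted keys whose ACL leaves the bucket owner without FULL_CONTROL."""
    return sorted(key for key, acl in acls_by_key.items()
                  if not owner_has_full_control(acl, bucket_owner_id))


def _grant(canonical_id, permission):
    """Build one grant entry for the constructed sample data."""
    return {"Grantee": {"Type": "CanonicalUser", "ID": canonical_id},
            "Permission": permission}


# Constructed sample ACLs, keyed by object key.
SAMPLE_ACLS = {
    # Cross-account upload without an ACL argument: only the uploader has access.
    "exports/no-acl.csv": {"Owner": {"ID": UPLOADER_ID},
                           "Grants": [_grant(UPLOADER_ID, "FULL_CONTROL")]},
    # Cross-account upload with ACL=bucket-owner-full-control.
    "exports/data.csv": {"Owner": {"ID": UPLOADER_ID},
                         "Grants": [_grant(UPLOADER_ID, "FULL_CONTROL"),
                                    _grant(BUCKET_OWNER_ID, "FULL_CONTROL")]},
    # Object written by the bucket owner's own account.
    "local/report.csv": {"Owner": {"ID": BUCKET_OWNER_ID},
                         "Grants": [_grant(BUCKET_OWNER_ID, "FULL_CONTROL")]},
    # Bucket owner was granted READ only, so it cannot change the object's ACL.
    "exports/read-only.csv": {"Owner": {"ID": UPLOADER_ID},
                              "Grants": [_grant(BUCKET_OWNER_ID, "READ")]},
}

if __name__ == "__main__":
    for key in find_inaccessible(SAMPLE_ACLS, BUCKET_OWNER_ID):
        print("bucket owner lacks FULL_CONTROL:", key)
```

Against a real bucket, the same dicts come from client.get_object_acl(Bucket=..., Key=...) called with the uploading account's credentials, and the bucket owner's canonical ID from client.get_bucket_acl(Bucket=...)['Owner']['ID'].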