Presigned URL file upload Access Denied

Hello, I am able to upload files using a presigned url, but after I block all public access in my aws s3 ui, I am not able to upload the file using my presigned url. I get this this error in my response:
<?xml version="1.0" encoding="UTF-8"?>
<Error>
<Code>AccessDenied</Code>
<Message>Access Denied</Message>
<RequestId>7EZHE5ZX8PHAPB4W</RequestId>
<HostId>aB4Sknz9qksQXXfdDvLCS+aObxQhzoyOOIKAf5QJ8z+SJfW/tVcvLv7f1jsug9IXJE9buQy7Waw=</HostId>
</Error>
<?xml version="1.0" encoding="UTF-8"?>
<Error>
<Code>AccessDenied</Code>
<Message>Access Denied</Message>
<RequestId>7EZHE5ZX8PHAPB4W</RequestId>
<HostId>aB4Sknz9qksQXXfdDvLCS+aObxQhzoyOOIKAf5QJ8z+SJfW/tVcvLv7f1jsug9IXJE9buQy7Waw=</HostId>
</Error>
This is my cors config:
[
{
"AllowedHeaders": [
"*"
],
"AllowedMethods": [
"GET",
"HEAD",
"PUT",
"POST"
],
"AllowedOrigins": [
"*"
],
"ExposeHeaders": [
"x-amz-server-side-encryption",
"x-amz-request-id",
"x-amz-id-2"
],
"MaxAgeSeconds": 3000
}
]
[
{
"AllowedHeaders": [
"*"
],
"AllowedMethods": [
"GET",
"HEAD",
"PUT",
"POST"
],
"AllowedOrigins": [
"*"
],
"ExposeHeaders": [
"x-amz-server-side-encryption",
"x-amz-request-id",
"x-amz-id-2"
],
"MaxAgeSeconds": 3000
}
]
I think it is a s3 configuration issue but I am not sure what I am missing.
5 Replies
Endgame1013
Endgame10132y ago
I would check the IAM role you are using to generate the presigned url.
utdev
utdevOP2y ago
@Endgame1013 I already gave the iam role full s3 access
JulieCezar
JulieCezar2y ago
Did you set Bucket policy? It didn't work for me until I did.

{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "PublicAccessImages",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::mybucket/pictures/*"
},
{
"Sid": "PrivateAccessImages",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::<YOUR_IAM>:root"
},
"Action": [
"s3:GetObject",
"s3:PutObject"
],
"Resource": "arn:aws:s3:::mybucket/books/*"
}
]
}

{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "PublicAccessImages",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::mybucket/pictures/*"
},
{
"Sid": "PrivateAccessImages",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::<YOUR_IAM>:root"
},
"Action": [
"s3:GetObject",
"s3:PutObject"
],
"Resource": "arn:aws:s3:::mybucket/books/*"
}
]
}
utdev
utdevOP2y ago
@JulieCezar This is my bucket policy
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "ListObjectsInBucket",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": "s3:ListBucket",
"Resource": "arn:aws:s3:::test-bucket"
},
{
"Sid": "AllObjectActions",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": "s3:*Object",
"Resource": "arn:aws:s3:::test-bucket/*"
},
{
"Sid": "Stmt1670252800354",
"Effect": "Deny",
"Principal": {
"AWS": "*"
},
"Action": "s3:DeleteBucket",
"Resource": "arn:aws:s3:::test-bucket"
},
{
"Sid": "AllowPutObject",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": [
"s3:PutObject",
"s3:PutObjectAcl",
"s3:PutObjectVersionAcl"
],
"Resource": "arn:aws:s3:::test-bucket/*"
},
{
"Sid": "AllowGetObject",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": [
"s3:GetObject",
"s3:GetObjectAcl",
"s3:GetObjectVersionAcl"
],
"Resource": "arn:aws:s3:::test-bucket/*"
}
]
}
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "ListObjectsInBucket",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": "s3:ListBucket",
"Resource": "arn:aws:s3:::test-bucket"
},
{
"Sid": "AllObjectActions",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": "s3:*Object",
"Resource": "arn:aws:s3:::test-bucket/*"
},
{
"Sid": "Stmt1670252800354",
"Effect": "Deny",
"Principal": {
"AWS": "*"
},
"Action": "s3:DeleteBucket",
"Resource": "arn:aws:s3:::test-bucket"
},
{
"Sid": "AllowPutObject",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": [
"s3:PutObject",
"s3:PutObjectAcl",
"s3:PutObjectVersionAcl"
],
"Resource": "arn:aws:s3:::test-bucket/*"
},
{
"Sid": "AllowGetObject",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": [
"s3:GetObject",
"s3:GetObjectAcl",
"s3:GetObjectVersionAcl"
],
"Resource": "arn:aws:s3:::test-bucket/*"
}
]
}
JulieCezar
JulieCezar2y ago
Is your bucket public or private? If it's private you need the
"Principal": {
"AWS": "arn:aws:iam::<YOUR_IAM>:root"
},
"Principal": {
"AWS": "arn:aws:iam::<YOUR_IAM>:root"
},
Because everything else looks okey to me... I'm no expert for AWS but I would maybe try
"Principal": "*"
"Principal": "*"
insted of what you have
"Principal": {
"AWS": "*"
}
"Principal": {
"AWS": "*"
}
Want results from more Discord servers?
Add your server