Access Denied to files in an Amazon S3 Bucket |
Dec
19
|
« sp_SDS Stored Procedure updated to work with SQL Server 2008 R2 & SQL Server 2012 | GoTo Meeting Tips » |
I use a PowerShell script to upload my WordPress content to Amazon’s S3 Storage Services which is globally distributed by Amazon’s Cloudfront service. Recently Amazon changed its default security; if you upload a file to a bucket it does not inherit the buckets top level security. You need to put a Bucket Policy in place. In this example I will set the anonymous users to be able to read objects in the bucket.
Access Denied error:
This is the error you receive when you do not have a Bucket Policy in place.
This XML file does not appear to have any style information associated with it. The document tree is shown below.
|
Creating a Bucket Policy:
You use the AWS Policy Generator to generate a Bucket Policy. There are several examples online and Amazon has a ton of examples.
http://awspolicygen.s3.amazonaws.com/policygen.html
1. Select “S3 Bucket Policy”
2. Set the “Effect” to “Allow”
3. Under “Actions” check off “GetObject”
4. Set the Amazon Resouce Name (ARN) to “arn:aws:s3:::<bucket_name>/<key_name>“, in this case the Bucket name is bucket01 the key is usually set to *
5. Press “Add Statement”
6. Press Generate Policy. This will generate the policy you will need to add to your bucket
7. Copy the policy into your clipboard
8. Open your bucket in the AWS Management Console: http://aws.amazon.com/console/
9. Go to Properties and select “Add bucket policy”
10. Paste the Policy into the Editor
11. Press Save
TIP: Sometimes if you have extra white space or missing a line you will get this error. Go back to the policy generator and re-copy the policy and try it again
When you try to access new uploaded pictures you should be able to see them with no problem now