Hi Mark,

I’ve tested this in my own account for you. By interrogating the ‘get-public-access-block’ API call, it seems that when an S3 bucket is created via the CLI, no public access block configuration is created, unless you specify it. When I enable public access block and then remove it, I can see the equivalent of an explicit allow.

So rather, public access is not enabled by default on buckets created in the console, but is enabled when created via CLI.

```
[ec2-user@ip-172-31-41-17 ~]$ aws s3 mb s3://publicblocktest123
make_bucket: publicblocktest123
[ec2-user@ip-172-31-41-17 ~]$ aws s3api get-public-access-block --bucket publicblocktest123

An error occurred (NoSuchPublicAccessBlockConfiguration) when calling the GetPublicAccessBlock operation: The public access block configuration was not found
```

I then disabled and enabled public block access

```
[ec2-user@ip-172-31-41-17 ~]$ aws s3api get-public-access-block --bucket publicblocktest123
{
    "PublicAccessBlockConfiguration": {
        "IgnorePublicAcls": false,
        "BlockPublicPolicy": false,
        "BlockPublicAcls": false,
        "RestrictPublicBuckets": false
    }
}
```

Solving - S3 Access Denied when calling PutObject

The S3 error "(AccessDenied) when calling the PutObject operation" occurs when we try to upload a file to an S3 bucket without having the necessary permissions.

In order to solve the "(AccessDenied) when calling the PutObject operation" error:
Make sure to replace the YOUR_BUCKET placeholder with the name of your S3 bucket.

Don't attach this policy as a bucket policy. Rather attach it to the user that is trying to upload files to the S3 bucket or to the corresponding role (e.g. of a lambda function or EC2 instance).

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "s3:PutObject",
        "s3:PutObjectAcl",
        "s3:GetObject",
        "s3:GetObjectAcl",
        "s3:AbortMultipartUpload"
      ],
      "Resource": [
        "arn:aws:s3:::YOUR_BUCKET",
        "arn:aws:s3:::YOUR_BUCKET/*"
      ],
      "Effect": "Allow"
    }
  ]
}
```

Note that S3 is a globally distributed service and it might take a minute or two for the policy to take effect.

Once the policy is attached to the IAM entity, you will be able to upload files to your S3 bucket.
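The Python sketch below is an added example, not code from the original article: it evaluates an identity policy offline for one action and resource, and shows that `s3:PutObject` is matched against the object ARN, so the `YOUR_BUCKET/*` resource entry is the one that grants the upload. The bucket name `example-bucket`, the object key and the function names are assumptions; Condition, NotAction/NotResource, bucket policies, permission boundaries and SCPs are not modelled.

```python
import re

def _glob(pattern, value, ignore_case=False):
    """IAM-style wildcard match: '*' is any run of characters, '?' exactly one."""
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, value, re.I if ignore_case else 0) is not None

def _as_list(x):
    # Action and Resource may each be a single string or a list of strings.
    return x if isinstance(x, list) else [x]

def evaluate(policy, action, resource):
    """Return 'Deny', 'Allow' or 'ImplicitDeny' for a single identity policy.

    Simplified model: only Effect, Action and Resource are considered.
    """
    allowed = False
    for stmt in _as_list(policy["Statement"]):
        # Action names are case-insensitive; resource ARNs are matched as written.
        hit = (any(_glob(a, action, ignore_case=True) for a in _as_list(stmt["Action"]))
               and any(_glob(r, resource) for r in _as_list(stmt["Resource"])))
        if hit and stmt["Effect"] == "Deny":
            return "Deny"  # an explicit deny overrides any allow
        allowed = allowed or (hit and stmt["Effect"] == "Allow")
    return "Allow" if allowed else "ImplicitDeny"

BUCKET = "example-bucket"  # constructed name standing in for YOUR_BUCKET
ACTIONS = ["s3:PutObject", "s3:PutObjectAcl", "s3:GetObject",
           "s3:GetObjectAcl", "s3:AbortMultipartUpload"]

# The article's policy with the placeholder filled in.
POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": ACTIONS,
    "Resource": [f"arn:aws:s3:::{BUCKET}", f"arn:aws:s3:::{BUCKET}/*"]}]}

# Constructed variant: same actions, but the "/*" object resource is missing.
BUCKET_ONLY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": ACTIONS, "Resource": f"arn:aws:s3:::{BUCKET}"}]}

if __name__ == "__main__":
    obj = f"arn:aws:s3:::{BUCKET}/uploads/report.csv"  # constructed object key
    for name, pol in (("article policy", POLICY), ("bucket ARN only", BUCKET_ONLY)):
        print(f"{name}: s3:PutObject on {obj} -> {evaluate(pol, 's3:PutObject', obj)}")
```
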