I'm logged into my IAM user account which has an administrator access policy attached, but every time I try to use S3, I keep getting an access denied error. I even tried re-adding the administrator policy and explicitly granting S3 full access, but nothing seems to work. Could someone help me figure this out? Thanks!
5 Answers
Could you provide a bit more detail on what happens when you try? Just saying 'I can’t use S3' doesn’t really help us understand the issue. What specific actions are getting blocked and what error messages are you seeing?
It sounds like there might be a bucket policy that explicitly denies your access. Those can override other permissions, so definitely check that out.
How are you trying to access the bucket? Is it through the web console, CLI, or an SDK? Also, check if there’s a bucket policy that might be explicitly denying your access. Those bucket policies can be sneaky!
I tried accessing it through the console first, then the CLI, but neither worked.
First things first, check your IAM policy for any explicit denies. Sometimes, there’s a rule that blocks access. Also, take a look at your bucket policy for similar issues. If there’s a Service Control Policy (SCP) applied that denies S3 as well, that could be the culprit. Lastly, if you're dealing with encrypted objects, make sure the KMS key policies are set up correctly. Good luck!
Update: Turns out my IAM account had an AccessKey Quarantine policy because some access keys were exposed in a GitHub repo. I removed that policy and now everything's working fine!
I couldn’t perform create, list, or delete operations due to an access keys quarantine policy from AWS that was placed on my account. I’ve fixed that issue now.