Skip to content

S3 permission error even if you have full access

Let's say that you have full access to S3 bucket. But, when you try to download a file from it using aws s3 cp command, you get a permission denied error. How to troubleshoot this?

The Identity policy is correct

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:*",
      "Resource": "*"
    }
  ]
}

AWS Console errors

In AWS Console, you be able to find object, but permission tab with errors: img.png img_1.png img_2.png

Reasons

If you faced these errors, it's probably because of the object owner is from another AWS account.

How to find the exact owner?

Using aws-cli command:

aws s3api list-objects --bucket <bucket name> --prefix <object prefix> --query 'Contents[].[Key, Owner.DisplayName, Owner.ID]' --output json

Example output:

[
    [
        "s3ObjectKey", // object key
        "owner", // owner name
        "0fca0123f13be1323eeb0b6a84bb49fe1236d87a0123a1b1d74c08c3faa0e66" // owner ID
    ]
]