aws s3 cp returns An error occurred (403) when calling the HeadObject operation: Forbidden
14,254
s3://s3-us-west-2.amazonaws.com/my-test-bucket/intro.jpg
refers to a bucket named s3-us-west-2.amazonaws.com
and the object key my-test-bucket/intro.jpg
.
Access is denied because that isn't your bucket.
The correct URI here would be s3://my-test-bucket/intro.jpg
.
Author by
Alexey Kucherenko
Updated on June 18, 2022Comments
-
Alexey Kucherenko almost 2 years
Foreword
I guess it may be a duplication but other posts with the same problem didn't help me much.
A problem
aws s3 cp s3://s3-us-west-2.amazonaws.com/my-test-bucket/intro.jpg test.jpg
Outputs the following:
fatal error: An error occurred (403) when calling the HeadObject operation: Forbidden
Bucket Policy:
Some notes{ "Version": "2012-10-17", "Id": "Policy1539624480514", "Statement": [ { "Sid": "Stmt1539624478431", "Effect": "Allow", "Principal": "*", "Action": "s3:*", "Resource": [ "arn:aws:s3:::my-test-bucket", "arn:aws:s3:::my-test-bucket/*" ] } ] }
intro.jpg
was added by user A (who has AdministratorAccess) via AWS Console Dashboard (it's not copy file between buckets)aws sts get-caller-identity
returns me information about user A{ "UserId": "AIDXXXX3KDQHYYYYXRLO", "Account": "765123991235", "Arn": "arn:aws:iam::765123991235:user/[email protected]" }
cat ~/.aws/config
[default] region = us-west-2 output = json
cat ~/.aws/credentials
points to user A access key and secret
[default] aws_access_key_id = AZZZIXXXXJQZA6YYYYUQ aws_secret_access_key = <<<<<<<<<KEY REMOVED>>>>>>>>
aws s3 ls
returns the correct list of buckets- time is synced on my local machine correctly