AWS S3 | Access denied | Unable to grant public access to an existing S3 bucket
Unable to grant public access to an existing S3 bucket?
Have you ever come across this frustrating situation, when your developer suddenly asks you to enable public access to an existing private S3 bucket. You try to enable it through the console but, this gives you an error message as below.
You have tried all possible ways to fix the issue by checking if the bucket policy is correct, or the IAM user has enough privilege to perform this task.
Then, at the end of this article, you will be amazed to see that the solution is about simplicity.
Here on my S3 console, you can see there is a bucket (something today), which is not Public.
See the message (Bucket and objects not public)
The above message confirms that the bucket and the objects inside don`t have any public access.
- Now, you have tried to enable public access to this bucket in the below way.
- You selected the bucket.
Then, a pop-up window comes with the permission
Then you clicked on Permission and that leads you to this permission page.
There you would easily move to Access Control List(2 on the picture)
You Navigate to the “Public access” section and select “Everyone” checked all the checkbox(2) and click on Save(3)
Then to your disappointment, you get an error as “Access denied”
Now thinking rather than scratching your head to find out what was wrong.
Now, you will think for a while and create a bucket policy to solve this issue. The policy maybe something like this
Even that also gives you with error “Access denied” error.
Now, you probably will check if the IAM user has a correct policy to perform this task, etc.
But, to get that bucket public access and create a bucket policy, the bucket should first have
“Public access settings” configured correctly.
Let’s work on a solution now.
- Click on your bucket
- Go to Permissions
- Select “Public access settings”
- This will provide a new popup and, you click on “edit”
Read all these 4 checks and uncheck them as per your need.
- Click on Save.
- You would be asked to verify by typing “confirm”
- Click on confirm
You will be given a message as success as below.
Now, try to enable bucket policy, this will allow you to do that.
and try to get public access to the bucket from the section “Access control List”.
This will allow you to get that done without any issue.
Now, you would be able to upload objects to the bucket.
Additional information: To make any objects into buckets also as public automatically. You need to play with your bucket policy JSON.
You would need to add /* to the bucket name on the resource line.
I hope this is informative and I thank you for investing your time to learn something new.