AWS S3 | Access denied | Unable to grant public access to an existing S3 bucket
Unable to grant public access to an existing S3 bucket?
Have you ever come across this frustrating situation, when your developer suddenly asks you to enable public access to an existing private S3 bucket. You try to enable it through the console but, this gives you an error message as below.
You have tried all possible ways to fix the issue by checking if the bucket policy is correct, or the IAM user has enough privilege to perform this task.
Then, at the end of this article, you will be amazed to see that the solution is about simplicity.
Here on my S3 console, you can see there is a bucket (something today), which is not Public.
See the message (Bucket and objects not public)
The above message confirms that the bucket and the objects inside don`t have any public access.
- Now, you have tried to enable public access to this bucket in the below way.
- You selected the bucket.
Then, a pop-up window comes with the permission
Then you clicked on Permission and that leads you to this permission page.
There you would easily move to Access Control List(2 on the picture)
You Navigate to “Public access” section and select “Everyone” checked all the checkbox(2) and click on Save(3)
Then to your disappointment, you get an error as “Access denied”
Now thinking rather scratching your head to find out what was wrong.
Now, you will think for a while and create a bucket policy to solve this issue. The policy may be something like this
Even that also gives you with error “Access denied” error.
Now, you probably will check if the IAM user has a correct policy to perform this task etc.
But, to get that bucket a public access and create a bucket policy, the bucket should first have
“Public access settings” configured correctly.
Let’s work for a solution now.
- Click on your bucket
- Go to Permissions
- Select “Public access settings”
- This will provide with a new popup and, you click on “edit”
Read all these 4 checks and uncheck them as per your need.
- Click on Save.
- You would be asked to verify by typing “confirm”
- Click on confirm
You will be given a message as success as below.
Now, try to enable bucket policy, this will allow you to do that.
and try to get public access to the bucket from the section “Access control List”.
This will allow you to get that done without any issue.
Now, you would be able to upload objects to the bucket.
Additional information: To make any objects into bucket also as public automatically. You need to play with your bucket policy json.
You would need to add /* to the bucket name on the resource line.
I hope this is informative and I thank you for investing your time to learn something new.