403 access denied error for files uploaded to s3 using aws command line tool

Question

I'm trying to upload images to s3 using the aws command line tool. I keep getting a 403 access denied error.

I think the --acl flag from here http://docs.aws.amazon.com/cli/latest/reference/s3/cp.html should fix this but all the options I've tried haven't helped.

I have a django app running which uploads to s3 and I can access those images fine.

Tom Tom · Accepted Answer · 2015-08-03T15:06:57

did you set any IAM or bucket policy to allow upload to your bucket? There is (at least) 3 ways to enable a user to access a bucket:

specify an acl at the bucket level (go to the bucket page, select your bucket and click "properties", there you can grant more accesses)
attach a policy to the bucket itself, e.g to something like:

{ "Version": "2012-10-17", "Statement": [ { "Sid": "Example permissions", "Effect": "Allow", "Principal": { "AWS": "arn of user or role" }, "Action": [ "s3:ListBucket", "s3:GetBucketLocation", "s3:PutObject" ], "Resource": "arn:aws:s3:::your bucket name" } ] }
attach an policy to your IAM user, e.g to give admin rights:go to IAM > users > your user > attach policy > AmazonS3FullAccess

If you want to build your own policy, you can use the aws policy generator

If you want more specific help, please provide more details (which users should have which permissions on your bucket, etc)

hope this helps