IOS AWSS3 SDK upload denied AWSS3BucketCannedACLPublicReadWrite

1
votes

Trying to upload image to Amazon S3 with public read permission.

UPLOAD DENIED:

with ACL 'PublicReadWrite'

_uploadRequest.ACL = AWSS3BucketCannedACLPublicReadWrite

UPLOAD SUCCESS:

with ACL 'Private'

_uploadRequest.ACL = AWSS3BucketCannedACLPrivate

any solution? direction?

MY CODE:

1. SET CERDITIALS

AWSCognitoCredentialsProvider *credentialsProvider = [[AWSCognitoCredentialsProvider alloc]
initWithRegionType:_regionType
identityPoolId:_pool_id];

2. CONFIGURATION 

AWSServiceConfiguration *configuration = [[AWSServiceConfiguration alloc]initWithRegion:_regionType credentialsProvider:credentialsProvider];    
AWSServiceManager.defaultServiceManager.defaultServiceConfiguration = configuration;

3. CREATE UPLOAD REQUEST

_uploadRequest = [AWSS3TransferManagerUploadRequest new];
_uploadRequest.ACL = AWSS3BucketCannedACLPublicReadWrite;

4. START Transfer MANAGER

AWSS3TransferManager * transferManager = [AWSS3TransferManager defaultS3TransferManager];
[[transferManager upload:_uploadRequest] continueWithExecutor:[AWSExecutor mainThreadExecutor] withBlock:^id(AWSTask * task) {


    return nil;
}];

  • bucket permissions are Read/Write ( for all users)

enter image description here

BUCKET POLICY:

{
    "Version": "2012-10-17",
    "Id": "Policy14...5",
    "Statement": [
        {
            "Sid": "Stmt14.....5",
            "Effect": "Allow",
            "Principal": {
                "AWS": "*"
            },
            "Action": "s3:*",
            "Resource": "arn:aws:s3:::myBucket/UsersUploads"
        }
    ]
}
1
objective-camazon-s3awss3transfermanager
Um - are you using the SDK or just making a POST ?? - Fattie
@Fattie, Using latest SDK - user1447300
Is there a bucket policy set? - Michael - sqlbot
@Michael-sqlbot i updated the answer, the policy in there { "Version": "2012-10-17", "Id": "Policy14.....", "Statement": [ { "Sid": "Stmt14.....5", "Effect": "Allow", "Principal": { "AWS": "" }, "Action": "s3:", "Resource": "arn:aws:s3:::cheez.app/UsersUploads" } ] } - user1447300
Thanks for the update. Note that your comment didn't paste properly, because the * characters were interpreted as markdown. To prevent this in the future, you can surround short blocks of code or other literals with ` backticks in comments (or the body). Adding to the question with an edit is even better, so thank you for that. - Michael - sqlbot

1 Answers

0
votes

add * at the end of your "Resource" line (in your bucket policy)

arn:aws:s3:::{bucketName}/{Folder}/*