I'm trying to download a file from a private S3 bucket using the PHP SDK (on an EC2 instance).
I create an IAM role and attached the AmazonS3FullAccess
to it.
I created the S3 bucket and this is the bucket policy:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::206193043625:role/MyRoleName"
},
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:DeleteObject"
],
"Resource": "arn:aws:s3:::config-files/*"
}
]
}
Then on the PHP side I make a curl request to http://169.254.169.254/latest/meta-data/iam/security-credentials/MyRoleName
, I get a JSON back instantiate the S3Client and try to download it, but I'm getting this error message:
Error executing "GetObject" on "https://files.s3.us-west-2.amazonaws.com/us-west-2__config.php"; AWS HTTP error: Client error:
GET https://files.s3.us-west-2.amazonaws.com/us-west-2__config.php
resulted in a403 Forbidden
response:AccessDenied
Access DeniedC84D80 (truncated...) AccessDenied (client): Access Denied -
AccessDenied
Access DeniedC84D80DE6B2D35FD6sDWIYK98nSH+Oa8lBH7lD91rfHospDeo0jZKFDdo0CaeY8aX6Wb/s2ja5qeYxCBuLwDJ2AqSl0=
Can anyone point me to a direction?