8
votes

I would appreciate it if anyone can point out where I'm going wrong. See the steps below.

  1. I have a domain name in route53.

  2. Based on the domain name, I have created a bucket name (for the sake of my question, let's stick to the bucket and domain name as abc.nl).

  3. Created the bucket, without changing any default provided check-list.
  4. Clicked the bucket (abc.nl) and added the below "bucket policy":

```json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "PublicReadGetObject",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::1234567:user/usrname"
            },
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::abc.nl/*"
        }
    ]
}
```

  5. I have given my username the AmazonS3FullAccess policy in IAM.
  6. My Block public access (account settings) is also unchanged.
  7. Now I uploaded all my static files to the bucket (abc.nl).
  8. In the properties tab, I have added index.html under the static website hosting block.

Now, as per the manual, I should be able to click the link and access the page. But for some reason, it's throwing a 403 access forbidden error.

In my understanding, by simply adding bucket policy you turn on public access. But for me, I don't see "public" tag. So, don't know what's going on. (My understanding could be wrong, hence this post.)

In case you are wondering which manual I'm following: how to host static web site (https://docs.aws.amazon.com/AmazonS3/latest/dev/website-hosting-custom-domain-walkthrough.html).

Anyway, can anyone point out where I'm going wrong and which options I should choose from the permissions for the bucket? I could be missing some lines.

PS: I have created and deleted the same bucket multiple times, just to start fresh every time.

2 Answers

11
votes

The Principal value of your bucket policy is wrong. Copied from the Example: Setting up a Static Website Using a Custom Domain that you have linked to:

To grant public read access, attach the following bucket policy to the example.com bucket, substituting the name of your bucket for example.com.

```json
{
  "Version":"2012-10-17",
  "Statement":[{
    "Sid":"PublicReadGetObject",
    "Effect":"Allow",
    "Principal": "*",
    "Action":["s3:GetObject"],
    "Resource":["arn:aws:s3:::example.com/*"]
  }]
}
```

5
votes

To make the bucket public (= everyone), you need to set * as principal in your bucket policy:

```json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "PublicReadGetObject",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::abc.nl/*"
        }
    ]
}
```

Please also check that you don't have Block public access settings on the bucket because it will prevent you from making the bucket public.
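
The two causes raised in the answers (a non-wildcard Principal, and Block public access) can be checked offline against a policy document before uploading it. The following is an added example, not code from the question or either answer; the function names are hypothetical, the Block public access values are constructed, and the evaluation is simplified (statements with a Condition are skipped and Deny statements are not evaluated).

```python
import json
from fnmatch import fnmatchcase

def _listify(value):
    return value if isinstance(value, list) else [value]

def _is_anonymous(principal):
    # "*" and {"AWS": "*"} both mean everyone, including unauthenticated callers.
    if isinstance(principal, dict):
        return "*" in _listify(principal.get("AWS", []))
    return principal == "*"

def grants_public_read(policy, key_arn):
    """True if an Allow statement gives anonymous callers s3:GetObject on key_arn.
    Simplified: statements with a Condition are skipped, Deny is not evaluated."""
    for stmt in _listify(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or "Condition" in stmt:
            continue
        actions = [a.lower() for a in _listify(stmt.get("Action", []))]
        if (_is_anonymous(stmt.get("Principal"))
                and any(fnmatchcase("s3:getobject", a) for a in actions)
                and any(fnmatchcase(key_arn, r) for r in _listify(stmt.get("Resource", [])))):
            return True
    return False

def diagnose_403(policy_json, bucket, block_public_access):
    """Return the reasons an anonymous GET of index.html would be refused."""
    policy = json.loads(policy_json)
    key_arn = f"arn:aws:s3:::{bucket}/index.html"
    if not grants_public_read(policy, key_arn):
        return ['policy does not allow s3:GetObject for Principal "*"']
    reasons = []
    if block_public_access.get("BlockPublicPolicy"):
        reasons.append("BlockPublicPolicy rejects saving a public bucket policy")
    if block_public_access.get("RestrictPublicBuckets"):
        reasons.append("RestrictPublicBuckets limits a public policy to authorized users")
    return reasons

# Constructed inputs: the question's policy, the answers' fix, and assumed settings.
QUESTION_POLICY = ('{"Version": "2012-10-17", "Statement": [{"Sid": "PublicReadGetObject", '
                   '"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::1234567:user/usrname"}, '
                   '"Action": "s3:GetObject", "Resource": "arn:aws:s3:::abc.nl/*"}]}')
ANSWER_POLICY = QUESTION_POLICY.replace('{"AWS": "arn:aws:iam::1234567:user/usrname"}', '"*"')
BPA_ON = {"BlockPublicPolicy": True, "RestrictPublicBuckets": True}
BPA_OFF = {"BlockPublicPolicy": False, "RestrictPublicBuckets": False}

if __name__ == "__main__":
    for name, pol, bpa in [("question", QUESTION_POLICY, BPA_ON), ("answer", ANSWER_POLICY, BPA_OFF)]:
        print(name, "->", diagnose_403(pol, "abc.nl", bpa) or "anonymous read allowed")
```

An empty list means the static website endpoint can serve the object to anonymous visitors; the wildcard grant should stay limited to `s3:GetObject` on the site's own objects, as in both answers.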