How to fix ClientError: An error occurred (AccessDenied) when calling the CreateBucket operation: Access Denied when calling create_bucket

1
votes

I tried using boto3 to create a bucket in s3 but received ClientError: An error occurred (AccessDenied) when calling the CreateBucket operation: Access Denied.

I have set up my aws cli credentials through aws configure. Here's my permissions summary:

    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "*",
            "Resource": "*"
        }
    ]
}

This is my code:

s3.create_bucket(Bucket=bucket_name, ACL='public-read',
                  CreateBucketConfiguration={
                  'LocationConstraint': 'us-west-2'
},)

I want to be able to create a bucket without getting Access denied

1
amazon-s3boto3
are you able to create a bucket in us-west-2 region from S3 console?Harsh Bafna
Yes, I can create a bucket in us-west-2 from S3 consoleTung Nguyen
Are you executing this code from your local machine or some EC2 node? In case of local machine, could you verify correct access and secrete keys are configured i.e. of the same user you are using S3 console. And in case of EC2 node the IAM role attached to the node should have the required permission. The above error generally means the user/role doesn't have the permission to create the bucket.Harsh Bafna
Hey thanks for getting back to me. I created a new IAM user and assigned administrative access to that user. My aw cli was configured based on that User’s credentials.Tung Nguyen
Looks like there is some old credential lying somewhere on your machine, which is being given priority by boto3. Could you please follow this URL : boto3.amazonaws.com/v1/documentation/api/latest/guide/…, and verify all the configurations from where boto3 reads the credentials?Harsh Bafna

1 Answers

0
votes

I encountered the same issue while running on EC2 instance and its seems that for using credentials for Amazon EC2 you need to follow these instructions https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-metadata.html

  • Make sure you delete the credentials you set with aws cli and then edit your ~/.aws/config as the instructions mention