AWS S3: Access denied if file is within folder

Question

I am uploading several files and folders to an S3 bucket. What I'm, uloading looks like this:

File1
File2
File3
img/
    File4
    File5

meaning files 4 & 5 are in folder img.

I want all of these files to be publicly accessible, so I specifiy the following permissions when uploading:

Upload succeeds, but for whatever reason, I cannot access the files in img from the browser. Everything outside img is fine (i.e. Files1-3), but when trying to access File4 or File5, I get the following error:

I have tried selecting the folder and choosing Actions => Make public using ACL

But I still get Access Denied when accessing files in this folder.

I've also tried applying the ACL to the actual objects under img/, not the img/ folder itself, but I still get the same result.

Apply the ACL to the actual objects under `img/`, not the `img/` folder itself. — jarmod, Jul 20 '23 at 21:11
By the way, if you simply want to make all objects in the bucket publicly readable then it's typically better to [use an S3 bucket policy](https://stackoverflow.com/questions/19176926). — jarmod, Jul 20 '23 at 22:12
@jarmod I tried that with no success. Added this to the question — ChrisC, Jul 21 '23 at 00:40
Double-check the ACL on the object in question using [aws s3api get-object-acl](https://docs.aws.amazon.com/cli/latest/reference/s3api/get-object-acl.html) and then re-test a browser fetch of the image from a new browser or incognito session or using curl/wget. — jarmod, Jul 21 '23 at 12:56

score 1 · Answer 1 · answered Jul 20 '23 at 22:57

Using ACLs is discouraged these days -- they are a hold-over from the earlier days of S3. In fact, these days it is encouraged to Disable ACLs for all new buckets - Amazon Simple Storage Service.

Instead, attach a Bucket Policy to the bucket. This policy will grant permission for anyone to download any object from the bucket, but they need to know the Key (filename) of the object since it doesn't grant permission to list the contents of the bucket:

{
   "Version":"2012-10-17",
   "Statement":[
     {
       "Effect": "Allow",
       "Principal": "*",
       "Action": "s3:GetObject",
       "Resource":"arn:aws:s3:::MY-BUCKET/*"
     }
   ]
}

AWS S3: Access denied if file is within folder

1 Answers1