S3: An error occurred (AccessDenied) when calling the GetObject operation: Access Denied
After configure AWSCLI using command aws configure . I'm trying to download files from S3 bucket to local folder test, using following command
aws s3 sync s3://sourceBucket ./test --delete
but it's throwing following error message
download failed: s3://sourceBucket/jobs/Test/1/slider-test-0.0.1-SNAPSHOT.war to test/jobs/Test/1/slider-test-0.0.1-SNAPSHOT.war An error occurred (AccessDenied) when calling the GetObject operation: Access Denied
download failed: s3://sourceBucket/jobs/Test/2/slider-test-0.0.1-SNAPSHOT.war to test/jobs/Test/2/slider-test-0.0.1-SNAPSHOT.war An error occurred (AccessDenied) when calling the GetObject operation: Access Denied
sourceBucket had following permissions
sourceBucket permissions Image - clickhere
When I check List of objects in sourceBucket using this command
aws s3api list-objects --bucket sourceBucket --query 'Contents[].{Key: Key, Size: Size}'
following is the output of it
[
{
"Key": "jobs/Test/1/slider-test-0.0.1-SNAPSHOT.war",
"Size": 2546325
},
{
"Key": "jobs/Test/2/slider-test-0.0.1-SNAPSHOT.war",
"Size": 3571598
}
]
could some one let me know how to solve this, I need to download the all objects from s3 sourceBucket to local folder test.
Thank you.
Answer
If you use KMS to encrypt your S3 files, also make sure the IAM user / role has access to use the appropriate key to decrypt the file. In your KMS dashboard, click on 'Customer Managed Keys' then click on the specific key used for the S3 bucket. You'll then need to add the appropriate accounts / roles to the key policy. For more see: https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam