S3 PHP access denied put object in one bucket but success in other bucket

  amazon-s3, amazon-web-services, php

I’m trying to use PHP to put a file into an s3 bucket, but I’m getting an Access Denied error. I’m pretty sure the issue is related to the bucket configuration and not my code or the IAM user policy because I did the following experiments

  1. I use the key_id and key_secret of the root user
  2. I perform <?php $S3->putObjectFile to the bucket new-bucket
  3. I get Access Denied error
  4. I perform <?php $S3->putObjectFile to the bucket old-bucket which is a bucket I’ve successfully written to in the past
  5. I get success and confirm that file is properly uploaded
  6. I create a new IAM user with the appropriate write policies to both the new-bucket and the old-bucket
  7. I perform steps 2 to 5 with the new IAM user and get the same results and get the same results as the root user.
  8. I open S3 Browser on my computer
  9. I insert the key_id and key_secret of root user
  10. I upload file to new-bucket.
  11. I get success.
  12. I upload file to old-bucket.
  13. I get success.
  14. I insert the key_id and key_secret of the IAM user.
  15. I perform the steps 10 to 14 and get the same results as the root user.
  16. I go to S3 website and review what is different between the configurations of the old-bucket vs. the new-bucket. The only differences I can see are that the bucket names are different and the regions are different. They both have these permissions:

enter image description here
enter image description here
enter image description here
enter image description here

What am I doing wrong?


I conducted a few more experiments.

  1. I went to S3 website
  2. I pressed the Create Bucket button
  3. I typed new-bucket-2 into the name of the bucket and I chose us-west-2 as the region (which is same as old-bucket).
  4. I pressed Copy settings from another bucket and I chose old-bucket.
  5. I pressed Save.
  6. I updated the policies of the IAM user to be abel to write to the new-bucket-2.
  7. Both the root user and the IAM user will get Access Denied when <?php $S3->putObjectFile to new-bucket-2.
  8. Both the root user and the IAM user can write to new-bucket-2 via the S3 Browser on my computer.

Also note, the old-bucket was made many years ago. Not sure if that makes a difference?

Source: Ask PHP

LEAVE A COMMENT