3

There are a few other questions on this issue:

  • boto.exception.S3ResponseError: S3ResponseError: 403 Forbidden
  • S3ResponseError: S3ResponseError: 403 Forbidden
  • S3ResponseError: 403 Forbidden using boto
  • Python: Amazon S3 cannot get the bucket: says 403 Forbidden

However, it seems I may be having a different problem (e.g., clock skew is not an issue and I already tried setting validate=False, and I believe I have the correct key and secret key because trying a bogus key or secret key gives me different errors). Here is my script:

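```python
import boto
import sys
from boto.s3.key import Key

# Bucket name and credentials are taken from the command line
BUCKET_NAME = sys.argv[1]
AWS_ACCESS_KEY_ID = sys.argv[2]
AWS_SECRET_ACCESS_KEY = sys.argv[3]

conn = boto.connect_s3(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
# validate=False skips the request that checks the bucket exists
bucket = conn.get_bucket(BUCKET_NAME, validate=False)
k = Key(bucket)
k.key = 'barbaz'
# The PUT issued here is the request that returns 403
k.set_contents_from_filename('/tmp/barbaz.txt')
```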

And the result:

```
Traceback (most recent call last):
  File "/home/jonderry/sdmain/src/scripts/jenkins/upload_to_s3.py", line 16, in <module>
    k.set_contents_from_filename('/tmp/barbaz.txt')
  File "/usr/local/lib/python2.7/dist-packages/boto/s3/key.py", line 1360, in set_contents_from_filename
    encrypt_key=encrypt_key)
  File "/usr/local/lib/python2.7/dist-packages/boto/s3/key.py", line 1291, in set_contents_from_file
    chunked_transfer=chunked_transfer, size=size)
  File "/usr/local/lib/python2.7/dist-packages/boto/s3/key.py", line 748, in send_file
    chunked_transfer=chunked_transfer, size=size)
  File "/usr/local/lib/python2.7/dist-packages/boto/s3/key.py", line 949, in _send_file_internal
    query_args=query_args
  File "/usr/local/lib/python2.7/dist-packages/boto/s3/connection.py", line 664, in make_request
    retry_handler=retry_handler
  File "/usr/local/lib/python2.7/dist-packages/boto/connection.py", line 1068, in make_request
    retry_handler=retry_handler)
  File "/usr/local/lib/python2.7/dist-packages/boto/connection.py", line 939, in _mexe
    request.body, request.headers)
  File "/usr/local/lib/python2.7/dist-packages/boto/s3/key.py", line 882, in sender
    response.status, response.reason, body)
boto.exception.S3ResponseError: S3ResponseError: 403 Forbidden
<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>***someRequestId***</RequestId><HostId>***someHostId</HostId></Error>
```

Any ideas what the problem is, or how to diagnose further?

jonderry
  • Have you tried the upload with the same keys using s3cmd? Just to be sure you do have access rights to that bucket. – mcniac Oct 27 '14 at 19:19
  • I just tried `s3cmd`. I receive no error, but the file doesn't appear in the bucket as expected. I issued the following command: `s3cmd -c /path/to/config/file put /tmp/bazbar.txt s3://bucket-name` – jonderry Oct 27 '14 at 20:13

3 Answers

33

This will also happen if your machine's time settings are incorrect.

altschuler
3

It looks like you do not have the right to write to this bucket. What is the bucket policy? Can you make sure that this IAM user can put on this bucket?

Jerome Guiard
  • I had to add to "Authenticated Users" the permission to upload/delete. Adding a policy would have worked too, but for this particular case, the permissions UI was the easiest way to resolve the issue. – jonderry Oct 30 '14 at 18:05
  • 2
    Do not use "Authenticated Users"! This is very misleading as it gives access to your bucket to all authenticated AWS users (like myself for example). Amazon should make it clearer. – Chris Koston Jan 11 '17 at 22:00
0

I had this issue too where I tried validate=False, and ntpdate, and giving "Authenticated Users" the permission to upload/delete on AWS. My resolution is probably rare, but just in case anyone else did this:

I started running my Django app with credentials in my environment for my bucket 'xyz'. Then I changed the credentials to upload to my friend's bucket 'abc'. There was a mismatch between these credentials, so all I needed to do was restart gunicorn.

MRR
  • From what I understand, giving permission to "Any Authenticated AWS User" applies to any authenticated AWS user, not just those who are authenticated to your particular account, so this solution is a security concern. – kloddant Dec 03 '16 at 00:47
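
An added example, not from any of the posts above: a check for the "Authenticated Users" grant that the comments warn about, run over the dict shape that boto3's `get_bucket_acl` returns. The sample ACL and its IDs are constructed, and `risky_grants` is a hypothetical helper name.

```python
# Added example: flag S3 bucket ACL grants made to AWS-wide groups.
# Input is the dict shape returned by boto3's
# s3_client.get_bucket_acl(Bucket=...); nothing here calls AWS.

GLOBAL_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "anyone on the internet",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "any AWS account holder",
}
# Permissions that let the grantee change bucket contents or the ACL itself.
WRITE_LIKE = {"WRITE", "WRITE_ACP", "FULL_CONTROL"}


def risky_grants(acl):
    """Return findings for grants to global groups, high severity first."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") != "Group":
            continue  # CanonicalUser grants name one specific account
        audience = GLOBAL_GROUPS.get(grantee.get("URI"))
        if audience is None:
            continue  # a group URI that is not one of the global audiences
        perm = grant.get("Permission")
        findings.append({
            "permission": perm,
            "audience": audience,
            "severity": "high" if perm in WRITE_LIKE else "medium",
        })
    findings.sort(key=lambda f: f["severity"] != "high")  # stable sort
    return findings


# Constructed sample: the owner's grant plus "Authenticated Users" grants of
# the kind described in the thread. IDs are placeholders.
AUTH_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
SAMPLE_ACL = {
    "Owner": {"ID": "EXAMPLE-OWNER-CANONICAL-ID"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "EXAMPLE-OWNER-CANONICAL-ID"},
         "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": AUTH_USERS}, "Permission": "READ"},
        {"Grantee": {"Type": "Group", "URI": AUTH_USERS}, "Permission": "WRITE"},
    ],
}

if __name__ == "__main__":
    for f in risky_grants(SAMPLE_ACL):
        print("{severity}: {permission} granted to {audience}".format(**f))
```

An empty result means the ACL names only specific accounts; bucket policies are a separate control and are not inspected here.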