1

I created a bucket, where I allow objects to be publicly accessible. I put a file in that bucket, and I can access it through a simple HTTP GET request (even from an anonymous browser). However, trying to access the same file using the AWS SDK for .net's GetObject function (or even using AWS CLI) I get an access denied error. What could I be doing wrong?

Private region As RegionEndpoint = RegionEndpoint.EUCentral1

Public Function ReadObject(ByVal bucket As String, ByVal key As String) As String
  Dim request As New GetObjectRequest()
  request.BucketName = bucket
  request.Key = key
  Dim responseBody As String
  Dim client As New AmazonS3Client(region)
  Using response As GetObjectResponse = client.GetObject(request)
    Using responseStream As Stream = response.ResponseStream
      Using reader As New StreamReader(responseStream)
        responseBody = reader.ReadToEnd()
      End Using
    End Using
  End Using
  Return responseBody
End Function
Shahar Mosek
  • 1,922
  • 3
  • 17
  • 27
  • Either that user has a `Deny` policy that is overriding the public `Allow`, or your code is not actually retrieving that object (eg might be the wrong name). Can you provide some code for us to check? – John Rotenstein Apr 02 '19 at 11:43
  • Added the code to the original post. I can see the file in the S3 console when logged in with the same user, so it doesn't look like the user is denied. – Shahar Mosek Apr 02 '19 at 11:52
  • Using SDK or CLI require AWS credentials. Are you sure credentials are set up correctly? Can you share error message? – A.Khan Apr 02 '19 at 12:14
  • Oh! If you can't access it via the CLI, then you have a credentials problem. Run `aws configure` and enter the Access Key & Secret Key associated with your IAM User. – John Rotenstein Apr 02 '19 at 21:36
  • I did run aws configure and entered my access and secret keys. I even create new credentials and used them, with the same result. This is the error I get: An error occurred (AccessDenied) when calling the GetObject operation: Access Denied – Shahar Mosek Apr 03 '19 at 12:52
  • If I run the CLI command with --debug, it prints the URL and headers being used. If I take these same URL and parameters into an HTTP client and send them, I get the file. – Shahar Mosek Apr 03 '19 at 12:57

0 Answers0