403 Forbidden

[jasonshouse]

After making multiple attempts with different bucket/region combinations, I still have not had any luck uploading any files. All attempts have resulted in 403 Forbidden errors. Any idea if I I'm missing something?

Headers

General

Request Method: POST Status Code: 403 Forbidden

Response Headers

Access-Control-Allow-Methods: PUT, POST, GET, HEAD Access-Control-Allow-Origin: * Access-Control-Max-Age: 3000 Connection: close Content-Type: application/xml Date: Fri, 22 May 2015 17:09:50 GMT Server: AmazonS3 Transfer-Encoding: chunked Vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Methods x-amz-id-2: I2ivYOPFhufU69dRaOmr/cdqZv92DeWpxQU1rhXHsr2A2spcU+GKp7YOuB4EQHNv x-amz-request-id: CDD39D1C16DFCCE2

Request Headers

Accept: */* Accept-Encoding: en-US, en;q=0.8 Cache-Control: no-cache Content-Length: keep-alive Content-Type: 34803 Host: s3.amazonaws.com Origin: http://localhost:3000 Pragma: no-cache Referer: http://localhost:3000/s3test User-Agent: Chrome/43.0.2357.65

Preview

<Error>
    <Code>AccessDenied</Code>
    <Message>Access Denied</Message>
    <RequestId>CDD39D1C16DFCCE2</RequestId>
    <HostId>I2ivYOPFhufU69dRaOmr/cdqZv92DeWpxQU1rhXHsr2A2spcU+GKp7YOuB4EQHNv</HostId>
</Error>

Step-by-step Actions:

A.) Installed meteor package B.) Setup configuration on server

S3.config = {
    key: 'MYKEY',
    secret: 'MYSECRETKEY',
    bucket: 'jh-profile-images'
};

C.) Setup client-side code

HTML

<template name="s3test">
    <h1>S3 Test</h1>
    <input type="file" class="file_bag" />
    <button class="upload">Upload</button>
    {{#each files}}
        <p>{{percent_uploaded}}</p>
    {{/each}}
</template>

Javascript

Template.s3test.events({
    'click button.upload': function(event){
        var files = $('input.file_bag')[0].files;
        S3.upload({
            files:files
        },function(err,res){
            console.log('S3 upload err: ',err);
            console.log('S3 upload res: ',res);
        });
    }
});


Template.s3test.helpers({
    'files':function(){
        return S3.collection.find();
    }
});

D.) Created bucket in S3 called jh-profile-images (tried leaving region alone, and later retried hard-coding the region: us-west-1)

E.) Uploaded blank index.html file to bucket. Enabled static web hosting and set index.html as the index document.

F.) Set permissions on index.html file for Everyone to open/download and view. Set permissions on jh-profile-images bucket for Everyone to List, Upload/Delete, and View Permissions.

G.) Copy & Pasted in the CORS Configuration from your docs

H.) Copy and Pasted in the Bucket Policy from your docs. Replaced YOURBUCKETNAMEHERE/* with jh-profile-images/*

And that's it. It's been over almost an hour and a half and still no luck. Any help is greatly appreciated, thank you so much!

[Lepozepo]

That's strange. What region are you in?

[jasonshouse]

I've tried US Standard and us-west-1 with no luck so far.

[Lepozepo]

Hmm, have you tried using the slingshot package to see if it fails with that too?

[jasonshouse]

Got it! After switching to the root AWS account keys everything worked great - there were some permission issues with the IAM user account I was using. I'll be able to get it resolved from here. Thank you for your help and support, I really appreciate it. Cheers!

[Lepozepo]

Sweet! I'm glad you got it working ^_^ I know how much of a pain it can be to get around all the permissions crap Amazon imposes but fails to explain, lol.

[ondrejrohon]

Oh man, I spent so much time on this one today.. Same thing, I had permission issues with IAM user account.. After using root access key everything works.

[lesterzone]

Why we need root access key ? It's not a security issue ?

[lesterzone]

http://blogs.aws.amazon.com/security/post/Tx1JPM2L6BKDBK5/Coming-soon-An-important-change-to-how-you-manage-your-AWS-account-s-access-keys

[subhog]

So, what policy should I set on my account to make this work?