403 Forbidden during POST to S3 bucket

aws:s3 403 forbidden
403 forbidden s3 static website
s3 bucket policy
aws s3 403 forbidden stackoverflow
s3 upload access denied
s3 download 403 forbidden
s3 putobject
aws:s3 bucket policy access denied

I'm following this tutorial to deploy a simple photo uploading service to an S3 bucket.

I created a new role with the following policy

   "Version": "2012-10-17",
   "Statement": [
         "Effect": "Allow",
         "Action": [
         "Resource": [

Granted all authorized AWS users list and read/write access in the bucket, set the following CORS

<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">

Generated a new Cognito identity pool and ran the script in the link above. It runs successfully, it opens a new album and I can see it in the S3 console, but when I try to upload a photo into the album I get the error:

BUCKET_NAME.amazonaws.com/ALBUM_NAME//PHOTO_NAME.jpeg?uploads:1 POST https://BUCKET_NAME.amazonaws.com/ALBUM_NAME//PHOTO_NAME.jpeg?uploads 403 (Forbidden)

When I try to access the link generated by the script, I get this XML:

Key is not expected for the GET method ?uploads subresource

Any idea why this problem occurs?

You are doing a HTTP POST, not a HTTP PUT. If you want to pass the key, you are supposed to use a PUT. If you want to do a POST, you need to pass the key in the body as described in this page.

Troubleshoot 403 Errors When Adding Objects to S3 Buckets, You are doing a HTTP POST, not a HTTP PUT. If you want to pass the key, you are supposed to use a PUT. If you want to do a POST, you need  To troubleshoot the HTTP 403 Forbidden error from the Amazon S3 console, check the following: Missing permissions to use an AWS Key Management Service (AWS KMS) key Bucket policy requires encryption Bucket access control list (ACL) doesn't allow the AWS account root user to write objects

You're missing part of the privileges for the s3 bucket.

In this example, you want to grant an IAM user in your AWS account access to one of your buckets, example bucket, and allow the user to add, update, and delete objects.

In addition to granting the s3:PutObject, s3:GetObject, and s3:DeleteObject permissions to the user, the policy also grants the s3:ListAllMyBuckets, s3:GetBucketLocation, and s3:ListBucket permissions. These are the additional permissions required by the console. For an example walkthrough that grants permissions to users and tests them using the console, see An Example Walkthrough: Using user policies to control access to your bucket.



403 Forbidden during POST to S3 bucket, When accessing a s3 bucket you get 403 Forbidden error What does it mean? Permissions for bucket and object owners across AWS accounts. By default, an S3 object is owned by the AWS account that uploaded it. This is true even when the bucket is owned by another account. If other accounts can upload objects to your bucket, then check which account owns the objects that your users can't access: 1.

I too had the same issue. Instead of removing ACL:'public-read' I changed it to 'public-read-write' and it worked. I can only assume since the bucket policy is read write, trying to set it to read only caused a conflict...but just guessing.

How do I troubleshoot 403 Access Denied errors from Amazon S3?, Hi guys, do enyone get error 403 Access Denied while trying upload to my Amazon S3 bucket via AWS-SDK and successfully uploaded few  I'm using Deja Dup to backup my laptop to S3. This has been working for many backups but as of 20 days ago stopped working. Traceback (most recent call

This is old but just in case someone stumbles onto it when working with Cognito uploads.

In my case the problem was that the region of my S3 (us-east-1) is different than the Cognito server region (eu-west-1). Most examples online only set one region and the upload uses the same region by default.

So in Javascript, to authenticate you need to set the Cognito region:

AWS.config.region = 'eu-west-1'; // Cognito Region
AWS.config.credentials = new AWS.CognitoIdentityCredentials({
    IdentityPoolId: 'eu-west-1:51a4f410-7694-4222-89b5-...',

Then before upload you set your S3 Bucket region:

var s3 = new AWS.S3({
  region: 'us-east-1', //Bucket region
  apiVersion: '2006-03-01',
  params: {Bucket: [BUCKET-NAME]}

How do I add an S3 Bucket policy?, Akash shows you why you get a 403 "Access Denied" error in Athena when I query an S3 Duration: 4:41 Posted: Apr 22, 2020 Status code will say about accessibility of the bucket, 404 for non existing, 403 — Forbidden (access denied) and 200 for public access. This method is very similar to the rest of the cases but

What is Amazon S3? - Definition from WhatIs.com, In the Alice account, there is one S3 bucket called alicebucket, this… Fix the error HTTP 403: Access Denied from Amazon S3 After this permission fix if you run again the first script the result doesn't change because that  getting 403 forbidden when trying to upload to digialtocean spaces from laravel I think I am missing a step in giving my key write access to the bucket, but I can

Amazon S3 image upload error POST 403 (Forbidden), return s3.upload({ Key: filename, Body: file, ContentType: file.type, ACL: 'public-​read', }) if I log in to AWS console and look in the S3 Bucket, and the DynamoDB table, I'm 403 (Forbidden) xhr.js?28e2:81 PUT https://hrs-notes-​uploads.s3-ap-  IAM user permission to s3:PutObjectAcl. If the IAM user needs to update the object's Access Control List (ACL) during the upload, then the user also must have permission to the s3:PutObjectAcl action in their IAM policy. For instructions on how to update a user's IAM policy, see Changing Permissions for an IAM User. Conditions in the bucket policy

I get a 403 "Access Denied" error in Athena when I query an S3 , It sounds like there are two concepts being mixed up a bit here. The bucket_default bit is all stuff related to CloudMan and is hence not relevant when just  To make the objects in your bucket publicly readable, you must write a bucket policy that grants everyone s3:GetObject permission. After you edit S3 Block Public Access settings, you can add a bucket policy to grant public read access to your bucket.

  • In your error message, I see a double slash in: ALBUM_NAME//PHOTO_NAME.jpeg. I'd recommend checking the parameters that you're passing in your script for an extra slash, removing it and trying again.
  • @Aditya This is the way it appears on the script, though I tried to change that line to var albumPhotosKey = encodeURIComponent(albumName) + '/'; and it still persists.
  • Unfortunately this did not help, though what did help was removing " ACL: 'public-read'" from my uploaded file's params. Can you please explain to me why this solved the issue?