I'm new to AWS and the AWS console. I appear to have somehow really messed up my settings. My client wants to use AWS S3 as a hosting platform for his podcast, but I cannot upload any file with public-read permissions.
To tackle this problem I have attempted changing the bucket policy to the following (as root user):
{
"Version":"2012-10-17",
"Statement":[
{
"Sid":"AddPerm",
"Effect":"Allow",
"Principal": "*",
"Action":["s3:GetObject"],
"Resource":["arn:aws:s3:::[bucketname]/*"]
}
]
}
However, when I try to save the new policy, I get an Access Denied message. As for the policy that is already in use: there isn't one. It's just a blank field.
Best Answer
If you're the root user and you're getting access denied, you clearly should have any permissions problems as such, but I'm guessing it is an extra layer of protection against accidental public access that AWS have introduced.
They announced "Block public access" feature in Nov 2018 to improve the security of S3 buckets. See the blog article https://aws.amazon.com/blogs/aws/amazon-s3-block-public-access-another-layer-of-protection-for-your-accounts-and-buckets/
Assuming that's what is causing it, you should be able to change this setting on the bucket first, then you will be able to configure the bucket policy.