Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Getting Access Denied. Please make sure the user attached to the access key has access to assets.project.com

See original GitHub issue

Getting the following error:

manager.project.com/s3-website-us-west-1.amazonaws.com says:

Access Denied. Please make sure the user attached to the access key has access to assets.project.com.

I’ve found a similar issue (https://github.com/ChrisZieba/dodgercms/issues/3) but the solution didn’t resolve it for me.

Here are the steps that I took:

Setup data.project.com

Created data.project.com S3 bucket:

aws s3api create-bucket --bucket data.project.com --region us-west-1 --create-bucket-configuration LocationConstraint=us-west-1

Create data-cors.json:

{
  "CORSRules": [
    {
      "AllowedOrigins": ["*"],
      "AllowedHeaders": ["*"],
      "AllowedMethods": ["HEAD", "GET", "PUT", "POST", "DELETE"],
      "ExposeHeaders": ["ETag", "x-amz-meta-title", "x-amz-meta-label"]
    }
  ]
}

Edited data.project.com CORS:

aws s3api put-bucket-cors --bucket data.project.com --cors-configuration file://~/data-cors.json

Setup assets.project.com

Created assets.project.com S3 bucket:

aws s3api create-bucket --bucket assets.project.com --region us-west-1 --create-bucket-configuration LocationConstraint=us-west-1

Create assets-policy.json:

{
   "Statement": [
      {
         "Effect": "Allow",
         "Principal": "*",
         "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::assets.project.com/*"
      }
   ]
}

Edited assets.project.com policy

aws s3api put-bucket-policy --bucket assets.project.com --policy file://~/assets-policy.json

Create assets-cors.json:

{
  "CORSRules": [
    {
      "AllowedOrigins": ["*"],
      "AllowedHeaders": ["*"],
      "AllowedMethods": ["HEAD", "GET", "PUT", "POST", "DELETE"],
      "ExposeHeaders": ["ETag"]
    }
  ]
}

Edited assets.project.com CORS:

aws s3api put-bucket-cors --bucket assets.project.com --cors-configuration file://~/assets-cors.json

Setup project.com

Created project.com S3 bucket:

aws s3api create-bucket --bucket project.com --region us-west-1 --create-bucket-configuration LocationConstraint=us-west-1

Configure bucket as a website

aws s3 website s3://project.com/ --index-document index.html --error-document error.html

Create web-policy.json:

{
   "Statement": [
      {
         "Effect": "Allow",
         "Principal": "*",
         "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::datacoral.io/*"
      }
   ]
}

Edited project.com policy

aws s3api put-bucket-policy --bucket project.com --policy file://~/web-policy.json

Create web-cors.json:

{
  "CORSRules": [
    {
      "AllowedOrigins": ["*"],
      "AllowedHeaders": ["*"],
      "AllowedMethods": ["HEAD", "GET", "PUT", "POST", "DELETE"],
      "ExposeHeaders": ["ETag", "x-amz-meta-title", "x-amz-meta-label"]
    }
  ]
}

Edited project.com CORS:

aws s3api put-bucket-cors --bucket project.com --cors-configuration file://~/web-cors.json

Setup manager.project.com

Created manager.project.com S3 bucket:

aws s3api create-bucket --bucket manager.project.com --region us-west-1 --create-bucket-configuration LocationConstraint=us-west-1

Configure bucket as a website

aws s3 website s3://manager.project.com/ --index-document index.html --error-document error.html

Uploaded files to manager.project.com

aws --profile dccustomer s3 sync ~/dodgercms s3://manager.project.com/ --acl public-read

Created a user with the following policy:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Stmt1427944232000",
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket",
                "s3:GetObject",
                "s3:DeleteObject",
                "s3:PutObject",
                "s3:GetBucketWebsite",
                "s3:PutBucketWebsite",
                "s3:DeleteBucketWebsite",
                "s3:GetBucketLogging",
                "s3:GetBucketVersioning",
                "s3:GetBucketLocation"
            ],
            "Resource": [
                "arn:aws:s3:::data.project.com",
                "arn:aws:s3:::data.project.com/*",
                "arn:aws:s3:::assets.project.com",
                "arn:aws:s3:::assets.project.com/*",
                "arn:aws:s3:::project.com",
                "arn:aws:s3:::project.com/*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": "sts:GetFederationToken",
            "Resource": "*"
        }
    ]
}

Issue Analytics

  • State:open
  • Created 7 years ago
  • Comments:5

github_iconTop GitHub Comments

1reaction
tomsaleebacommented, Dec 19, 2018

It might be because your bucket isn’t in the us-east-1 zone. If you know how to open the dev tools in your browser, do so when you try to login and if you the OPTIONS calls to s3 are returning a 301 HTTP reponse status (not a 200) then this could be the reason.

I noticed someone else has had to change the code to use a different region: https://github.com/peter-mount/dodgercms/commit/333a695b410489b86083ffb1f9fcf749dfc95ade. I’ve gone through the same issue and made the same change and it works. Although it’s late, so hopefully I’ve diagnosed it right.

0reactions
Fluffy9commented, Oct 6, 2018

Same issue

Read more comments on GitHub >

github_iconTop Results From Across the Web

Getting Access Denied. Please make sure the user attached to ...
Access Denied. Please make sure the user attached to the access key has access to assets.project.com. I've found a similar issue (https://github ...
Read more >
Access Denied or You need permission to access this site
The most common cause is that permissions for the user or administrator are configured incorrectly or not configured at all. Resolution Option 1 ......
Read more >
Resolve "Access Denied" errors when running Athena queries
When I run an Amazon Athena query, I get an "Access Denied" error. ... Be sure that the IAM user has the required...
Read more >
Manage access to projects, folders, and organizations
In Identity and Access Management (IAM), access is granted through allow policies, also known as IAM policies. An allow policy is attached to...
Read more >
Chapter 8-Protecting Your System: User Access Security, from ...
A person with a "need-to-know" has been designated by school officials as having a legitimate educational or professional interest in accessing a record....
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

Fix MarshallAs issue with raylib structs

Next page

Add node included packages to suggestions