I'm trying to modify the bucket policy of my Amazon Simple Storage Service (Amazon S3) bucket using the console, but I'm getting an "Access Denied" error. How can I fix this?

To view a bucket policy from the Amazon S3 console, your AWS Identity and Access Management (IAM) user or role must have permission to the s3:GetBucketPolicy action. To edit an existing bucket policy, your IAM user or role must have permission to the s3:PutBucketPolicy action.

To resolve the "Access Denied" error, check the following:

  • Confirm that your IAM user or role has permission (Allow statement) to both the s3:GetBucketPolicy action and the s3:PutBucketPolicy action. Then, confirm that there's no explicit Deny statement in your IAM policies that override your permission to those actions.
  • If you still get the error after updating your IAM user or role, check the bucket policy for any Deny statements that prevent your IAM user or role from using the s3:GetBucketPolicy or s3:PutBucketPolicy actions. If there's a Deny statement that must be corrected, the bucket policy must be updated by an IAM user or role that's allowed to modify the bucket policy.
  • If the bucket policy denies access to the s3:GetBucketPolicy or s3:PutBucketPolicy to all principals, the root user must delete the existing bucket policy. Then, your IAM user or role can create a new bucket policy.

Did this page help you? Yes | No

Back to the AWS Support Knowledge Center

Need help? Visit the AWS Support Center

Published: 2018-12-26

Updated: 2019-03-01