Getting “AccessDenied” while accessing S3 using Cognito Token

I am following the below tutorial to allow browser based upload to my S3 bucket.

https://docs.aws.amazon.com/sdk-for-javascript/v2/developer-guide/s3-example-photo-album.html

I finished the entire tutorial but when i submit a photo from localhost i get the 403 access denied with acl set to public-read and 400 with acl set to public.

My IAM policy is as shown there


 "Version": "2012-10-17",
 "Statement": [
 
 "Effect": "Allow",
 "Action": [
 "s3:*"
 ],
 "Resource": [
 "arn:aws:s3:::BUCKET_NAME/*"
 ]
 
 ]

and I am using the unauthenticated anonymous user.

The cognito console is showing unauthenticated users but I am not getting to know why also.

The function i'm using to upload is as below

function uploadPDF() 

 var file = $('#fileUpload').val();
 var fileName = Date.now().toString() + ".pdf";
 var albumPhotosKey = encodeURIComponent("files") + '/';

 var photoKey = albumPhotosKey + fileName;
 s3.upload(
 Key: photoKey,
 Body: file,
 ACL: 'public'
 , function(err, data) 
 if (err) 
 console.log(err);
 return alert('There was an error uploading your photo: ', err.message);
 
 alert('Successfully uploaded photo.');
 );

and i've set up the AWS SDK as below

 AWS.config.update(
 region: 'ap-south-1',
 credentials: new AWS.CognitoIdentityCredentials(
 IdentityPoolId: 'ap-south-1:IdentityPoolKey'
 )
 );

 var s3 = new AWS.S3(
 apiVersion: '2006-03-01',
 params: Bucket: albumBucketName
 );

Based on this answer i tried changing the IdentityPoolId to us-east-1 but it didn't show any changes.

asked Nov 12 at 10:57

Nithin

300112

1

Please do make sure that the identity pool ID looks something like this 'ap-south-1:z5f7fe0b-ff8a-4cf8-ae20-c70b682g79b5' and the region is correctly set. You can find the correct IdentityPoolId by going to Cognito > Manage Identity Pools > Federated Identities > 'some-userpool-name' > Sample code. Also make sure you are attaching the IAM role to the identites provided by Cognito.
– AlexK
Nov 12 at 11:30

@TenorFlyy, I am getting Access Denied after i copied the same creds from Cognito console.
– Nithin
Nov 12 at 11:45

1

Have you attached the policy to the Role created by Cognito?
– AlexK
Nov 12 at 11:52

Yep, I have attached the policy.
– Nithin
Nov 12 at 11:54

1

Cool, cool, glad you got it working ^_^ Have a nice day!
– AlexK
Nov 12 at 12:00

|
show 2 more comments

I am following the below tutorial to allow browser based upload to my S3 bucket.

https://docs.aws.amazon.com/sdk-for-javascript/v2/developer-guide/s3-example-photo-album.html

I finished the entire tutorial but when i submit a photo from localhost i get the 403 access denied with acl set to public-read and 400 with acl set to public.

My IAM policy is as shown there


 "Version": "2012-10-17",
 "Statement": [
 
 "Effect": "Allow",
 "Action": [
 "s3:*"
 ],
 "Resource": [
 "arn:aws:s3:::BUCKET_NAME/*"
 ]
 
 ]

and I am using the unauthenticated anonymous user.

The cognito console is showing unauthenticated users but I am not getting to know why also.

The function i'm using to upload is as below

function uploadPDF() 

 var file = $('#fileUpload').val();
 var fileName = Date.now().toString() + ".pdf";
 var albumPhotosKey = encodeURIComponent("files") + '/';

 var photoKey = albumPhotosKey + fileName;
 s3.upload(
 Key: photoKey,
 Body: file,
 ACL: 'public'
 , function(err, data) 
 if (err) 
 console.log(err);
 return alert('There was an error uploading your photo: ', err.message);
 
 alert('Successfully uploaded photo.');
 );

and i've set up the AWS SDK as below

 AWS.config.update(
 region: 'ap-south-1',
 credentials: new AWS.CognitoIdentityCredentials(
 IdentityPoolId: 'ap-south-1:IdentityPoolKey'
 )
 );

 var s3 = new AWS.S3(
 apiVersion: '2006-03-01',
 params: Bucket: albumBucketName
 );

Based on this answer i tried changing the IdentityPoolId to us-east-1 but it didn't show any changes.

asked Nov 12 at 10:57

Nithin

300112

1

Please do make sure that the identity pool ID looks something like this 'ap-south-1:z5f7fe0b-ff8a-4cf8-ae20-c70b682g79b5' and the region is correctly set. You can find the correct IdentityPoolId by going to Cognito > Manage Identity Pools > Federated Identities > 'some-userpool-name' > Sample code. Also make sure you are attaching the IAM role to the identites provided by Cognito.
– AlexK
Nov 12 at 11:30

@TenorFlyy, I am getting Access Denied after i copied the same creds from Cognito console.
– Nithin
Nov 12 at 11:45

1

Have you attached the policy to the Role created by Cognito?
– AlexK
Nov 12 at 11:52

Yep, I have attached the policy.
– Nithin
Nov 12 at 11:54

1

Cool, cool, glad you got it working ^_^ Have a nice day!
– AlexK
Nov 12 at 12:00

|
show 2 more comments

I am following the below tutorial to allow browser based upload to my S3 bucket.

https://docs.aws.amazon.com/sdk-for-javascript/v2/developer-guide/s3-example-photo-album.html

I finished the entire tutorial but when i submit a photo from localhost i get the 403 access denied with acl set to public-read and 400 with acl set to public.

My IAM policy is as shown there


 "Version": "2012-10-17",
 "Statement": [
 
 "Effect": "Allow",
 "Action": [
 "s3:*"
 ],
 "Resource": [
 "arn:aws:s3:::BUCKET_NAME/*"
 ]
 
 ]

and I am using the unauthenticated anonymous user.

The cognito console is showing unauthenticated users but I am not getting to know why also.

The function i'm using to upload is as below

function uploadPDF() 

 var file = $('#fileUpload').val();
 var fileName = Date.now().toString() + ".pdf";
 var albumPhotosKey = encodeURIComponent("files") + '/';

 var photoKey = albumPhotosKey + fileName;
 s3.upload(
 Key: photoKey,
 Body: file,
 ACL: 'public'
 , function(err, data) 
 if (err) 
 console.log(err);
 return alert('There was an error uploading your photo: ', err.message);
 
 alert('Successfully uploaded photo.');
 );

and i've set up the AWS SDK as below

 AWS.config.update(
 region: 'ap-south-1',
 credentials: new AWS.CognitoIdentityCredentials(
 IdentityPoolId: 'ap-south-1:IdentityPoolKey'
 )
 );

 var s3 = new AWS.S3(
 apiVersion: '2006-03-01',
 params: Bucket: albumBucketName
 );

Based on this answer i tried changing the IdentityPoolId to us-east-1 but it didn't show any changes.

asked Nov 12 at 10:57

Nithin

300112

I am following the below tutorial to allow browser based upload to my S3 bucket.

https://docs.aws.amazon.com/sdk-for-javascript/v2/developer-guide/s3-example-photo-album.html

I finished the entire tutorial but when i submit a photo from localhost i get the 403 access denied with acl set to public-read and 400 with acl set to public.

My IAM policy is as shown there


 "Version": "2012-10-17",
 "Statement": [
 
 "Effect": "Allow",
 "Action": [
 "s3:*"
 ],
 "Resource": [
 "arn:aws:s3:::BUCKET_NAME/*"
 ]
 
 ]

and I am using the unauthenticated anonymous user.

The cognito console is showing unauthenticated users but I am not getting to know why also.

The function i'm using to upload is as below

function uploadPDF() 

 var file = $('#fileUpload').val();
 var fileName = Date.now().toString() + ".pdf";
 var albumPhotosKey = encodeURIComponent("files") + '/';

 var photoKey = albumPhotosKey + fileName;
 s3.upload(
 Key: photoKey,
 Body: file,
 ACL: 'public'
 , function(err, data) 
 if (err) 
 console.log(err);
 return alert('There was an error uploading your photo: ', err.message);
 
 alert('Successfully uploaded photo.');
 );

and i've set up the AWS SDK as below

 AWS.config.update(
 region: 'ap-south-1',
 credentials: new AWS.CognitoIdentityCredentials(
 IdentityPoolId: 'ap-south-1:IdentityPoolKey'
 )
 );

 var s3 = new AWS.S3(
 apiVersion: '2006-03-01',
 params: Bucket: albumBucketName
 );

Based on this answer i tried changing the IdentityPoolId to us-east-1 but it didn't show any changes.

amazon-web-services amazon-s3 amazon-cognito

asked Nov 12 at 10:57

Nithin

300112

asked Nov 12 at 10:57

Nithin

300112

asked Nov 12 at 10:57

Nithin

300112

asked Nov 12 at 10:57

Nithin

300112

asked Nov 12 at 10:57

Nithin

300112

1

Please do make sure that the identity pool ID looks something like this 'ap-south-1:z5f7fe0b-ff8a-4cf8-ae20-c70b682g79b5' and the region is correctly set. You can find the correct IdentityPoolId by going to Cognito > Manage Identity Pools > Federated Identities > 'some-userpool-name' > Sample code. Also make sure you are attaching the IAM role to the identites provided by Cognito.
– AlexK
Nov 12 at 11:30

@TenorFlyy, I am getting Access Denied after i copied the same creds from Cognito console.
– Nithin
Nov 12 at 11:45

1

Have you attached the policy to the Role created by Cognito?
– AlexK
Nov 12 at 11:52

Yep, I have attached the policy.
– Nithin
Nov 12 at 11:54

1

Cool, cool, glad you got it working ^_^ Have a nice day!
– AlexK
Nov 12 at 12:00

|
show 2 more comments

1

Please do make sure that the identity pool ID looks something like this 'ap-south-1:z5f7fe0b-ff8a-4cf8-ae20-c70b682g79b5' and the region is correctly set. You can find the correct IdentityPoolId by going to Cognito > Manage Identity Pools > Federated Identities > 'some-userpool-name' > Sample code. Also make sure you are attaching the IAM role to the identites provided by Cognito.
– AlexK
Nov 12 at 11:30

@TenorFlyy, I am getting Access Denied after i copied the same creds from Cognito console.
– Nithin
Nov 12 at 11:45

1

Have you attached the policy to the Role created by Cognito?
– AlexK
Nov 12 at 11:52

Yep, I have attached the policy.
– Nithin
Nov 12 at 11:54

1

Cool, cool, glad you got it working ^_^ Have a nice day!
– AlexK
Nov 12 at 12:00

Please do make sure that the identity pool ID looks something like this 'ap-south-1:z5f7fe0b-ff8a-4cf8-ae20-c70b682g79b5' and the region is correctly set. You can find the correct IdentityPoolId by going to Cognito > Manage Identity Pools > Federated Identities > 'some-userpool-name' > Sample code. Also make sure you are attaching the IAM role to the identites provided by Cognito.
– AlexK
Nov 12 at 11:30

@TenorFlyy, I am getting Access Denied after i copied the same creds from Cognito console.
– Nithin
Nov 12 at 11:45

Have you attached the policy to the Role created by Cognito?
– AlexK
Nov 12 at 11:52

Yep, I have attached the policy.
– Nithin
Nov 12 at 11:54

Cool, cool, glad you got it working ^_^ Have a nice day!
– AlexK
Nov 12 at 12:00

|
show 2 more comments

active

oldest

votes

Your Answer

StackExchange.ifUsing("editor", function ()
StackExchange.using("externalEditor", function ()
StackExchange.using("snippets", function ()
StackExchange.snippets.init();
);
);
, "code-snippets");

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "1"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);

);

draft saved

draft discarded

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53260679%2fgetting-accessdenied-while-accessing-s3-using-cognito-token%23new-answer', 'question_page');

);

Post as a guest

Name

Required, but never shown

active

oldest

votes

draft saved

draft discarded

Thanks for contributing an answer to Stack Overflow!

Please be sure to answer the question. Provide details and share your research!

But avoid …

Asking for help, clarification, or responding to other answers.

Making statements based on opinion; back them up with references or personal experience.

To learn more, see our tips on writing great answers.

Some of your past answers have not been well-received, and you're in danger of being blocked from answering.

Please pay close attention to the following guidance:

Please be sure to answer the question. Provide details and share your research!

But avoid …

Asking for help, clarification, or responding to other answers.

Making statements based on opinion; back them up with references or personal experience.

To learn more, see our tips on writing great answers.

draft saved

draft discarded

Post as a guest

Name

Required, but never shown

Name

Required, but never shown

Name

Required, but never shown

This page is only for reference, If you need detailed information, please check here

搜尋此網誌

Odtnhj