Home > Mobile >  AWS S3 | Access Denied while requesting image by URL | .Net Core
AWS S3 | Access Denied while requesting image by URL | .Net Core

Time:04-02

We have a S3 Bucket where we have stored images and we want to show these image on our Angular component by using image URL. But when we hit the URL , we are getting this error

Error:

Requests specifying Server Side Encryption with AWS KMS managed keys require AWS Signature Version 4.

enter image description here

How can we load these images on our Angular component using URLs ??

Note: We are hosting this application on Elastic Beanstalk using .Net core project.

Here is the bucket policy:

{
    "Version": "2012-10-17",
    "Id": "BUCKETPOLICY",
    "Statement": [
        {
            "Sid": "DenyInsecureAccess",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "*",
            "Resource": [
                "arn:aws:s3:::dev-productimages",
                "arn:aws:s3:::dev-productimages/*"
            ],
            "Condition": {
                "Bool": {
                    "aws:SecureTransport": "false"
                }
            }
        }
    ]
}

Here is Encryption configuration:

enter image description here

CodePudding user response:

You're denying insecure access, but where are you granting access?

Without explicitly granting public access, your objects are accessible only to authenticated users from the owner account. I would rewrite as follows:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowAnonymousAccess",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": [
                "arn:aws:s3:::dev-productimages/*"
            ],
            "Condition": {
                "Bool": {
                    "aws:SecureTransport": "true"
                }
            }
        }
    ]
}

Very important: note that I changed the action to s3:GetObject.

CodePudding user response:

When you upload the file, you need to set the acl to public read access

https://docs.aws.amazon.com/sdkfornet1/latest/apidocs/html/T_Amazon_S3_Model_S3CannedACL.htm

Example:

var transferUtilityRequest = new TransferUtilityUploadRequest()
            {
                InputStream = file.OpenReadStream(),
                Key = trustedStorageName,
                BucketName = bucketName,
                CannedACL = S3CannedACL.PublicRead, // Ensure the file is read-only to allow users view their pictures
                PartSize = 6291456
            };
  • Related