I have followed

I haven't touched the Bucket policy, Object ownership, ACL and CORS settings, so they look as follows:

Bucket policy: none

Object Ownership: Bucket owner preferred (as instructed by the guide above).

ACL: "Bucket owner (your AWS account)" has List, Write access on Objects, and Read, Write on Bucket ACL. The other roles (Everyone, Authenticated users group, S3 log delivery group) have no access whatsoever.

CORS: None

I have configured the Strapi application with the credentials (access key id access key secret) of the IAM user which is browsing the above settings (bucket owner).

I could of course fool around with the S3 settings (like unchecking ALL boxes under "Block public access", and open READ access for "Everyone" under "ACL"), but I of course don't want to be less restrictive than what is specified by the available guides...

Can anyone see anything that looks off in this setup?

CodePudding user response：

I initially found some more information than what was present in all guides about what kind of configuration was expected on the S3 side, on the bottom of the upload-aws-s3 provider page. So I added the specified Policy actions and CORS config. However, I still got 403 when trying to preview the uploaded images in the deployed admin panel...

I finally got it working accidentally a day later when I tested around different bucket settings. I temporarily blocked all public access (checked all four check boxes), and then unchecked the first two checkboxes again (as specified in the image in my original post).

I guess the Policy & CORS settings weren't properly updated once I changed them, and just needed a shake (through updating the settings again) in order to get applied...