In my scenario I have created a new policy to grant access to a server in our instance but it doesn't appear to have taken effect. We granted read and list permissions with arn:aws:iam::657644469569:role/XyzServer but we are still getting 403s from
i-0215c9ea7f43cfb58.I've added an inline policy to the "XyzServer" role to allow read and list permissions on that instance (i-0215c9ea7f43cfb58 (Xyz-configure)).
I'm still receiving a deny message.
curl
https://s3.amazonaws.com/cloudfront.qwerty.com/files/ftp_upload/45174/57154fig8.jpg
-I
HTTP/1.1 403 Forbidden
x-amz-request-id: p0FMK9SGJD63S38H
x-amz-id-2:
pFibZwlkTUKHfgPsGwjtMlfPEAYPsOVHt29JAFtWrKRnqJAl6TrzLetkerLHPWgP1puxsXYXFxk=
Content-Type: application/xml
Date: Thu, 14 Apr 2022 20:52:53 GMT
Server: AmazonS3
I try to access the S3 object from the instance (i-0215c9ea7f43cfb58 (Xyz-configure)) via AWS S3 CLI and its work fine.
We were hoping to be able to access from outside the CLI though.
To access outside the EC2 services, I think we can create an IAM User with Programmatic Access, the generated AWS Access Key and Secret Access Key will be configured to our local machine. Right?
When trying to retrieve PDFs from our Xyzserver we're getting denied access if PHP is executing it. Do anyone guide me to know why this would be? Here are the two commands:
• php -r 'file_get_contents("https://www.qwerty.com/pdf/57154/qwerty-protocol-57154-a-case-series-successful-abd-utilizing-novel-technique");
• curl https://www.qwerty.com/pdf/57154/qwerty-protocol-57154-a-case-series-successful-abd-utilizing-novel-technique -I
• From my observation ,I think this actually is our application serving the 403, not S3. Perhaps the PHP request somehow doesn't go out through our NAT? is that right ?
• That may be 403 prior to those changes for both CLI and PHP
I've not seen the behaviour where it only fails for 1 of those request routes(CLI Works).
what is the best advice here to solve this ?
