A step-by-step checklist on how to solve the "(AccessDenied) when calling the PutObject operation" error when uploading to AWS S3.

Solve - S3 Access Denied when calling PutObject


## Solving - S3 Access Denied when calling PutObject

The S3 error "(AccessDenied) when calling the PutObject operation" occurs when
we try to upload a file to an S3 bucket without having the necessary
permissions.

![putobject error](/images/blog/aws-s3-access-denied-when-calling-putobject/putobject-error.webp)

**In order to solve the "(AccessDenied) when calling the PutObject operation"
error:**

1. Open the AWS S3 console and click on your bucket's name
2. Click on the `Permissions` tab and scroll down to the
   `Block public access (bucket settings)` section
3. If you are uploading files and making them publicly readable by setting their
   `acl` to `public-read`, verify that creating new public ACLs is not blocked
   in your bucket. Save and confirm the changes.

![verify-not-blocking-acls](/images/blog/aws-s3-access-denied-when-calling-putobject/verify-not-blocking-acls.webp)

4. On the same page scroll down to the `Bucket Policy` section and verify that
   your bucket policy does not `Deny` the `PutObject` action or have a
   `Condition` that prevents you from uploading files, e.g. an IP restriction

5. Verify that you are not misspelling the name of the bucket when uploading
   files. E.g. in this example I try to upload a file to a bucket named `hello`.
   Since I don't own this bucket, I get the **"(AccessDenied) when calling the
   PutObject operation"** error

![wrong bucket name](/images/blog/aws-s3-access-denied-when-calling-putobject/wrong-bucket-name.webp)

<InArticleAd />

6. Open the permissions policy, attached to your IAM entity (the user or role)
   that is responsible for granting the `PutObject` permissions and verify that
   it has the following actions allowed:

<Alert>
  Make sure to replace the <code>YOUR_BUCKET</code> placeholder with the name of
  your s3 bucket.
</Alert>

<Alert type="success">
  Don't attach this policy as a bucket policy, rather attach it to the user that
  is trying to upload files to the S3 bucket or to the corresponding role (e.g.
  of a lambda function or EC2 instance).
</Alert>

```json:putobject-policy.json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "s3:PutObject",
                "s3:PutObjectAcl",
                "s3:GetObject",
                "s3:GetObjectAcl",
                "s3:AbortMultipartUpload"
            ],
            "Resource": [
                "arn:aws:s3:::YOUR_BUCKET",
                "arn:aws:s3:::YOUR_BUCKET/*"
            ],
            "Effect": "Allow"
        }
    ]
}
```

<Alert>
  Note that S3 is a globally distributed service and it might take a minute or
  two for the policy to take effect.
</Alert>

Once the policy is attached to the IAM entity you will be able to upload files
to your S3 bucket.

![successfully put object](/images/blog/aws-s3-access-denied-when-calling-putobject/successfully-putobject.webp)

<InArticleAd />

## Further Reading

- [AWS CDK Tutorial for Beginners - Step-by-Step Guide](/blog/aws-cdk-tutorial-typescript)
- [How does AWS CDK work](/blog/how-does-aws-cdk-work)
- [What is a Token in AWS CDK](/blog/what-is-aws-cdk-token)
- [CDK Constructs - Complete Guide](/blog/cdk-constructs-tutorial)
- [What is an identifier (id) in AWS CDK](/blog/aws-cdk-identifiers)
- [How to use Context in AWS CDK](/blog/how-to-use-context-aws-cdk)
- [How to use Parameters in AWS CDK](/blog/aws-cdk-parameters-example)

<InArticleAd />


Solve - S3 Access Denied when calling PutObject

Solving - S3 Access Denied when calling PutObject #

Further Reading #

Borislav Hadzhiev

For more articles, navigate to myHome Page

Solve - S3 Access Denied when calling PutObject

Solving - S3 Access Denied when calling PutObject #

Further Reading #

Join my newsletter

Borislav Hadzhiev

For more articles, navigate to myHome Page