CodexBloom - Programming Q&A Platform

AWS API Gateway returning 403 Forbidden for private S3 bucket despite correct bucket policy

👀 Views: 1 💬 Answers: 1 📅 Created: 2025-06-07
aws api-gateway s3 permissions json

I've been struggling with this for a few days now and could really use some help... I'm upgrading from an older version and I'm performance testing. I'm relatively new to this, so bear with me. I'm working on a personal project and I'm encountering a 403 Forbidden error when trying to access a file in a private S3 bucket through an AWS API Gateway endpoint. I've set up the API Gateway to proxy requests to the S3 bucket, but it seems like the permissions are not configured correctly.

Here's my current setup in the API Gateway:

- The API Gateway is configured to use an `AWS_IAM` authorizer.
- I have an IAM role attached to the API Gateway that should have `s3:GetObject` permissions on the bucket.

My IAM policy looks like this:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::my-private-bucket/*"
    }
  ]
}
```

The S3 bucket policy is also set to allow access from the API Gateway's execution role:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::YOUR_API_GATEWAY_ACCOUNT_ID:role/YOUR_API_GATEWAY_ROLE"
      },
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::my-private-bucket/*"
    }
  ]
}
```

I have confirmed that the API Gateway is successfully hitting the endpoint, but the response I receive is always a 403 Forbidden, which suggests that the permissions might not be set properly. I've tried:

- Re-creating the API Gateway with a new resource.
- Testing with Postman and including the proper AWS Signature in the request headers.
- Checking the CloudWatch logs for any additional error details, but they only show the 403 error without further explanation.

Does anyone have insight into what might be misconfigured here? Are there any special considerations when linking API Gateway with a private S3 bucket? My development environment is Linux.
Am I missing something obvious? This is part of a larger service I'm building. What are your experiences with this? I'd love to hear your thoughts on this.
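A quick way to reason about a 403 like the one above is to check the two policies statically before touching the console. The script below is an added example, not code from the poster or from AWS: it loads policies shaped like the two in the question (constructed copies, with the placeholder principal left in on purpose), flags principal ARNs whose account field is not a 12-digit account ID (a placeholder such as `YOUR_API_GATEWAY_ACCOUNT_ID` can never match a real caller, so that statement is dead), and then applies a simplified version of the S3 authorization rules: an explicit Deny wins, a same-account request needs an Allow from either the identity policy or the bucket policy, and a cross-account request needs an Allow from both. The role ARN, object key and account IDs are made up; Condition blocks, SCPs, permission boundaries, the role's trust policy and KMS key policies are not modelled.

```python
import fnmatch
import json
from typing import Optional

# Constructed sample policies, shaped like the two in the question
# (placeholder principal kept on purpose so the checker has something to flag).
IDENTITY_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    { "Effect": "Allow",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::my-private-bucket/*" }
  ]
}""")

BUCKET_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    { "Effect": "Allow",
      "Principal": { "AWS": "arn:aws:iam::YOUR_API_GATEWAY_ACCOUNT_ID:role/YOUR_API_GATEWAY_ROLE" },
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::my-private-bucket/*" }
  ]
}""")


def _as_list(value) -> list:
    """IAM accepts either a string or a list in Action/Resource/Principal fields."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _principal_arns(stmt: dict) -> list:
    """AWS principal ARNs named by a resource-policy statement ("*" means anyone)."""
    principal = stmt.get("Principal")
    if principal == "*":
        return ["*"]
    if isinstance(principal, dict):
        return _as_list(principal.get("AWS"))
    return []


def find_placeholders(policy: dict) -> list:
    """Principal ARNs whose account field (index 4 when split on ':') is not 12 digits.

    Such an ARN never matches a real caller, so the statement grants nothing."""
    bad = []
    for stmt in policy.get("Statement", []):
        for arn in _principal_arns(stmt):
            if arn == "*":
                continue
            parts = arn.split(":")
            if len(parts) != 6 or not (parts[4].isdigit() and len(parts[4]) == 12):
                bad.append(arn)
    return bad


def _matches(stmt: dict, action: str, resource: str, principal: Optional[str]) -> bool:
    """Does the statement cover (principal, action, resource)? Conditions are ignored."""
    actions = [a.lower() for a in _as_list(stmt.get("Action"))]  # action names are case-insensitive
    if not any(fnmatch.fnmatchcase(action.lower(), a) for a in actions):
        return False
    if not any(fnmatch.fnmatchcase(resource, r) for r in _as_list(stmt.get("Resource"))):
        return False
    if principal is not None:  # only resource policies name a principal
        allowed = _principal_arns(stmt)
        if "*" not in allowed and principal not in allowed:
            return False
    return True


def evaluate(identity_policy: dict, bucket_policy: dict, principal_arn: str,
             action: str, resource: str, bucket_account: str) -> str:
    """Simplified S3 decision: Deny wins; same account needs an Allow from either
    policy; cross-account needs an Allow from both. Returns Allow/Deny/ImplicitDeny."""
    identity_effects = [s["Effect"] for s in identity_policy["Statement"]
                        if _matches(s, action, resource, None)]
    bucket_effects = [s["Effect"] for s in bucket_policy["Statement"]
                      if _matches(s, action, resource, principal_arn)]
    if "Deny" in identity_effects or "Deny" in bucket_effects:
        return "Deny"
    same_account = principal_arn.split(":")[4] == bucket_account
    if same_account:
        allowed = "Allow" in identity_effects or "Allow" in bucket_effects
    else:
        allowed = "Allow" in identity_effects and "Allow" in bucket_effects
    return "Allow" if allowed else "ImplicitDeny"


if __name__ == "__main__":
    role = "arn:aws:iam::123456789012:role/apigw-s3-proxy"          # constructed
    obj = "arn:aws:s3:::my-private-bucket/reports/q1.pdf"           # constructed
    print("dead principals:", find_placeholders(BUCKET_POLICY))
    print("same account :", evaluate(IDENTITY_POLICY, BUCKET_POLICY, role, "s3:GetObject", obj, "123456789012"))
    print("cross account:", evaluate(IDENTITY_POLICY, BUCKET_POLICY, role, "s3:GetObject", obj, "999999999999"))
```

Run against the constructed policies, the bucket-policy principal is reported as dead, the same-account request is allowed purely by the identity policy, and the cross-account request falls to an implicit deny because the bucket side never matches. Once the static checks pass, `aws iam simulate-principal-policy` against the real execution role is the next step, since it evaluates the pieces this script leaves out.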