👀 Views: 37 💬 Answers: 1 📅 Created: 2025-06-09

aws s3 boto3 permissions Python

I'm testing a new approach and I'm experimenting with I'm sure I'm missing something obvious here, but After trying multiple solutions online, I still can't figure this out... I'm having trouble generating pre-signed URLs for my S3 objects using the `boto3` library in Python. Even though my IAM user has the necessary permissions to perform `s3:GetObject`, when I try to access the pre-signed URL, I get a 403 Forbidden behavior. Here’s the code I'm using to generate the URL: ```python import boto3 s3_client = boto3.client('s3') bucket_name = 'my-bucket' object_key = 'path/to/my/file.txt' # Generate pre-signed URL try: url = s3_client.generate_presigned_url( 'get_object', Params={'Bucket': bucket_name, 'Key': object_key}, ExpiresIn=3600 ) print('Pre-signed URL:', url) except Exception as e: print('behavior generating pre-signed URL:', e) ``` The IAM policy for the user looks like this: ```json { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::my-bucket/path/to/my/file.txt" } ] } ``` I’ve double-checked the bucket name and the object key for typos, and I know that the object exists in the specified bucket. I also verified that the bucket policy allows public access to the object, but I suspect that might be conflicting with the IAM permissions. Additionally, I have confirmed that the `boto3` version I’m using is `1.18.0`. Can anyone guide to troubleshoot why I'm getting the 403 Forbidden behavior when trying to access the generated URL? Am I missing something in the permissions or configuration? This is part of a larger CLI tool I'm building. Thanks in advance! Am I missing something obvious? I'm working on a desktop app that needs to handle this.