5 Important Issues with AWS S3 and How to Fix Them

If you have a huge amount of data to store, Amazon S3 looks like an ideal solution. It gives you the ability to save and analyze data from your mobile apps, websites, or any customized data without having to worry about the cost.

Amazon S3 benefits you in many cases. The storage makes it easy for you to migrate your data to other platforms. You can also enhance data security with SSL for data transfer as well as file access permissions.

Still, there are times when you find it difficult to work with AWS S3 due to problems related to access keys or file and folder accessibility. Although these are not huge issues, they directly affect storage performance and effectiveness.

In today’s post, we’ll troubleshoot 5 important problems of Amazon S3, why they happen, and how to fix them.

Issue #1: Space in AWS S3 Keys

You sometimes want to copy files from one bucket to another. However, this can cause the spaces in the file name to be replaced with plus signs (+) when the file is moved to the new bucket.

For example, while the correct file name is “Digital Product Files,” it’s changed into “Digital+Product+Files.”

Although you can easily understand the new file name, you shouldn’t leave it like that. It makes the Lambda function fail when it tries to find your file by name.

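To fix this, you can use this code to URL-decode the key in your Lambda function:

String key = java.net.URLDecoder.decode(b.getS3().getObject().getKey(), "UTF-8");

Here, b is one record from an S3 event like the one below, where the key arrives with plus signs in place of spaces:

{
    "Records": [
        {
            "s3": {
                "object": {
                    "key": "Digital+Product+Files.txt"
                }
            }
        }
    ]
}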
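The same decoding in a Python Lambda function, as an added example that is not part of the original post. The event is a constructed sample in the shape shown above; the bucket name, the second and third keys, and the function names are assumptions, and the keys are assumed to be form-URL-encoded like the sample key.

```python
from urllib.parse import unquote_plus

# Constructed sample event; only the first key comes from the post.
SAMPLE_EVENT = {
    "Records": [
        {"s3": {"bucket": {"name": "example-bucket"},
                "object": {"key": "Digital+Product+Files.txt"}}},
        {"s3": {"bucket": {"name": "example-bucket"},
                "object": {"key": "reports/a%2Bb+2021.csv"}}},
        {"s3": {"bucket": {"name": "example-bucket"},
                "object": {"key": "uploads/r%C3%A9sum%C3%A9.pdf"}}},
    ]
}

def decoded_keys(event):
    """Return (bucket, key) pairs with each key URL-decoded exactly once."""
    pairs = []
    for record in event.get("Records", []):
        s3 = record["s3"]
        raw = s3["object"]["key"]
        # unquote_plus turns "+" into a space and %XX escapes into UTF-8 text.
        # Decode once only: a second pass would mangle keys that really
        # contain "%" or "+" characters.
        pairs.append((s3["bucket"]["name"], unquote_plus(raw)))
    return pairs

def naive_keys(event):
    """The tempting shortcut, kept for comparison: it leaves %2B (a literal
    plus in form encoding) and %C3%A9 (non-ASCII) escapes untouched."""
    return [r["s3"]["object"]["key"].replace("+", " ")
            for r in event.get("Records", [])]

if __name__ == "__main__":
    pairs = zip(decoded_keys(SAMPLE_EVENT), naive_keys(SAMPLE_EVENT))
    for (bucket, key), naive in pairs:
        print(f"{bucket}: {key!r}   (naive replace: {naive!r})")
```

Use the decoded key for every later lookup on the object, and log the raw and decoded forms together when a lookup fails, so a mismatch is easy to spot.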

Issue #2: Unable to Access a File or Folder in an S3 Bucket

There may be times when you can’t open a specific prefix or object in your Amazon S3 bucket while others are available. Well, you’re not the only person facing this issue.

Before taking any action to fix this, you should double-check your permission settings to make sure you’re not denying your own access to this file. These are the settings to check:

  • Who owns the file/folder
  • Bucket restriction policy
  • Restriction policy on AWS Identity and Access Management (IAM)
  • AWS Key Management Service object permissions

Plus, if your file/folder is encrypted with an AWS-managed KMS key, only you can read it.

Apart from IAM and AWS-managed KMS keys, other policies such as VPC endpoint policies and service control policies (SCPs) can also restrict your access.

There are 3 different cases, each with its own solution. The first is file ownership. Follow this 3-step guide to get file access permission:

  1. Get your S3 account’s canonical ID by running this AWS Command Line Interface (AWS CLI) command:
    aws s3api list-buckets --query Owner.ID
  2. Get the file owner’s canonical ID by running this command:
    aws s3api list-objects --bucket DOC-EXAMPLE-BUCKET --prefix index.html

    These 2 canonical IDs should match. If they don’t, you are not the owner of the object, and you have to ask the file uploader to give you permission.

  3. The file owner can run this command to grant you access:
    aws s3api put-object-acl --bucket DOC-EXAMPLE-BUCKET --key object-name --acl bucket-owner-full-control

In case you’re not able to view the file due to a bucket policy restriction, follow the instructions below:

  1. Open your Amazon S3 console
  2. Head to the desired bucket with the policy you want to review
  3. Click on the Permissions tab
  4. Select Bucket policy
  5. Find the "Effect": "Deny" statements and see which prefix/object access is rejected
  6. Remove the "Effect": "Deny" statements preventing you from seeing that file/folder

Issue #3: Fail to Copy an Object between Two S3 Buckets

While the first error, file naming, shows up after you move a file from one bucket to another, this one blocks you from moving your files in the first place.

This may be because you don’t have permissions to the s3:ListBucket and s3:GetObject actions on the source bucket.

Take these 4 steps to effectively handle this:

  1. Go to your Amazon S3 console
  2. Head to the object you intend to copy
  3. Open the file’s Permissions tab
  4. Look over the values under Access for object owner and Access for other AWS accounts sections.

If you aren’t the file owner and the file owner hasn’t granted you access to the file, you need to ask them to change the ACL to your desired settings.

Additionally, you won’t be able to copy a file directly from the Amazon S3 Glacier storage class. You have to restore the file/folder from Amazon S3 Glacier before copying the object.

Issue #4: 403 Access Denied Error

403 Access Denied is a common error that users often run into when attempting to view their S3 objects. You can resolve this by checking the bucket policy or associated IAM user policies for any statements that improperly deny access.

In particular, review deny statements whose conditions depend on multi-factor authentication, encryption keys, a certain IP address, or a specific VPC endpoint. For instance, the bucket policy below allows everyone to download objects from YOUR-EXAMPLE-BUCKET in Statement1, but at the same time Statement2 blocks users from downloading unless their request comes from the VPC endpoint vpce-1a2b3c4d.

{
  "Id": "Policy1234567890123",
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Statement1",
      "Action": [
        "s3:GetObject"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::YOUR-EXAMPLE-BUCKET/*",
      "Principal": "*"
    },
    {
      "Sid": "Statement2",
      "Action": [
        "s3:GetObject"
      ],
      "Effect": "Deny",
      "Resource": "arn:aws:s3:::YOUR-EXAMPLE-BUCKET/*",
      "Condition": {
        "StringNotEquals": {
          "aws:SourceVpce": "vpce-1a2b3c4d"
        }
      },
      "Principal": "*"
    }
  ]
}

More importantly, make sure the Amazon Resource Names (ARNs) in the bucket policy or IAM user policies don’t contain any spaces, as an ARN with a space may be evaluated incorrectly.
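How Statement1 and Statement2 combine, and the Deny review from Issue #2, as an added example that is not part of the original post. This is a simplified evaluator, not AWS's implementation: it models only StringEquals/StringNotEquals conditions and ignores Principal, and the function names and the index.html object are assumptions.

```python
from fnmatch import fnmatchcase

POLICY = {"Statement": [  # the two statements of the bucket policy above
    {"Sid": "Statement1", "Action": ["s3:GetObject"], "Effect": "Allow",
     "Resource": "arn:aws:s3:::YOUR-EXAMPLE-BUCKET/*", "Principal": "*"},
    {"Sid": "Statement2", "Action": ["s3:GetObject"], "Effect": "Deny",
     "Resource": "arn:aws:s3:::YOUR-EXAMPLE-BUCKET/*", "Principal": "*",
     "Condition": {"StringNotEquals": {"aws:SourceVpce": "vpce-1a2b3c4d"}}},
]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _condition_holds(condition, context):
    """Simplified: only StringEquals and StringNotEquals are modelled."""
    for operator, pairs in condition.items():
        if operator not in ("StringEquals", "StringNotEquals"):
            raise ValueError(f"operator not modelled: {operator}")
        for key, expected in pairs.items():
            equal = context.get(key) in _as_list(expected)
            # A key absent from the request equals nothing, so StringNotEquals
            # holds for any request that did not come through a VPC endpoint.
            if equal != (operator == "StringEquals"):
                return False
    return True

def matching(policy, action, resource, context):
    """Yield (effect, sid) for each statement that applies to the request."""
    for st in policy["Statement"]:
        if (any(fnmatchcase(action, a) for a in _as_list(st["Action"]))
                and any(fnmatchcase(resource, r) for r in _as_list(st["Resource"]))
                and _condition_holds(st.get("Condition", {}), context)):
            yield st["Effect"], st.get("Sid")

def evaluate(policy, action, resource, context):
    """Explicit Deny beats Allow; no matching statement is an implicit deny."""
    hits = list(matching(policy, action, resource, context))
    for wanted in ("Deny", "Allow"):
        sids = [sid for effect, sid in hits if effect == wanted]
        if sids:
            return wanted, sids
    return "ImplicitDeny", []

def arns_with_spaces(policy):
    """Resource ARNs that contain whitespace and so will not match as intended."""
    return [r for st in policy["Statement"] for r in _as_list(st["Resource"])
            if any(ch.isspace() for ch in r)]

if __name__ == "__main__":
    arn = "arn:aws:s3:::YOUR-EXAMPLE-BUCKET/index.html"
    print(evaluate(POLICY, "s3:GetObject", arn, {}))
```

The Sids returned with a "Deny" result are the statements to review first; narrowing a Deny condition is safer than deleting the statement if it was put there to keep downloads inside the VPC endpoint.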

Issue #5: “The AWS Access Key ID you provided does not exist in our records.” Error

Last but not least, you may come across the message saying “The AWS Access Key ID you provided does not exist in our records.” This occurs when you try to access your S3 bucket via the AWS Command Line Interface (AWS CLI), an AWS SDK, or your own application.

The fix depends on which type of IAM identity you’re using. If you use an IAM role, go through these 2 steps and you can solve the problem with ease:

  1. Go to the IAM console > Roles
  2. Make sure the console lists the IAM role. If not, you have to add a new IAM role

In case you’re using an IAM user, simply:

  1. Go to the IAM console and open Users
  2. Check to see if the IAM user is listed. If not, just create a new IAM user.
  3. If yes, choose the user name to view its Summary page.
  4. Head to the Security credentials tab and look at the Access keys listed there. If the access keys are missing or inactive, then you have to create new ones or activate the keys.

That’s it!

Resolve Your AWS S3 Problems Now!

Amazon S3 is easy-to-use storage for your site and application data. However, you may sometimes face unexpected errors that prevent you from accessing your objects.

We’ve listed out the 5 most popular issues along with reasons why they happen and simple ways to troubleshoot them.

If you still have any questions about S3 issues, don’t hesitate to let us know in the comment section below.
