Access denied error when trying to overwrite object using s3 credentials

I can’t seem to overwrite existing objects in a bucket with the same key. The initial flow:

1.) Get presigned URL
2.) Upload object to bucket location (key)

All good there.

Then, when I try and re-initiate the same flow using the same bucket location/key, I get “Access Denied”. My current s3 credentials include READ, WRITE, and DELETE.

FWIW, I’m performing multipart uploads and CompleteMultipartUpload and AbortMultipartUpload are failing (on the second go around).

Any suggestions?

Did you try to use these S3 credentials with aws CLI to overwrite an object?

Yes I used the same credentials to both initially upload the object as well as overwrite the object.

No, I mean to check these credentials with aws CLI, not via presigned URLs.

Yeah I’ve tried simply doing a PutObjectCommand without the presigned URL part. I still get the AccessDenied error.

Is it possible that your credentials are limited to the object, not the prefix or the bucket?
Could you please generate another set of S3 credentials, but also with LIST permissions in addition to write, read and delete to the prefix/bucket?

Interesting, adding the LIST permission seems to work, though I’m not sure why. Thanks for the suggestion!

Maybe because there is actually no replace. It needs to check the existence of the piece (and here you need a LIST permission), delete the piece and upload a new one.
You may make a persistent storage this way - give only write permissions, and you would be able to upload, but not list, read or delete, so it is not possible to alter anything.