Why can I not access the image file in S3 if I am the owner of the file and I have Read and Write access in my permission next to my name ?
Why do I need to make the object Public to everyone ?
These are common questions and understanding them will help you understand S3 access permissions better.
That depends on how you are trying to access it.
Lets step back and look at this in steps.
1. The Bucket and content is owned by the AWS Account. You (as in your IAM account) does not own it, but is given rights to via the Bucket policy, or User policy / Role that you are associated with.
2. There are two ways to access the object from the console:
- When you are looking at the object details in S3 in the top left is an 'Open' button. This allows you to open the object from 'within AWS' and therefore permission comes via the; IAM bucket policy or your IAM account, policy and/or Role.
- However if you use the URL at the bottom, you are accessing it over the internet with the same right as any other anonymous internet user. When you come in from the internet S3 has no way to absolutely identify you from your internet connection so you are considered 'anonymous'. You will notice that it has the AWS S3 public S3 address.
There is no magic were S3 looks at the internet user IP address or browser cookies and checks to see if your account has an IAM user to match based on IP address and guesses as to whether to give you access or not.
When you come in though the public interface you are just 'Public'. The only variation is if you use pre-signed URLs or session cookies where you have by some other means previously identified your browser session as having identity and rights.