AWS Access Denied when download file from bucket

Hello everyone,

I am using Amazon Web Services Activities to download some files from a bucket. I don’t have access to the AWS user, but I am using an user and a key provided by my company.
I keep receiving this same error:

For Each Object in Bucket: Failed to get s3 object: Access Denied
Error: Access Denied
aws_problem|690x360

I don’t really understand what kind of permissions I have to change, has someone faced this problem before?

Thank you everyone!!

@Gmar the AWS Scope can connect using 2 methods:

1. Access Keys

  • AccessKeyId - The access key used to connect to Amazon Web Services. This field supports only strings and String variables.
  • SecretAccessKey - Specifies the secret key used for connecting to Amazon Web Services. This field supports only SecureString variables.

2. IAMRole


Please make sure that this is what you have received from your colleagues - share with them the links below:

3 Likes

Thank you for your answer! I am connecting using AccessKeyId and SecretAccessKey

Next step is to check if the bucket policy or IAM policies allow the Amazon S3 actions that you need: S3:GetObject

Please see if you have proper IAM access to S3:

4 Likes

We tried out and found that the AWS user need the permissions to perform actions listed below to resolve the error - “For Each Object in Bucket: Failed to get s3 object: Access Denied” .

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "s3:ListAllMyBuckets",
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket",
                "s3:GetBucketLocation",
                "s3:ListBucketVersions",
                "s3:GetBucketAcl"
            ],
            "Resource": [
                "arn:aws:s3:::YOUR-BUCKET-NAME"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:GetObjectVersion",
                "s3:GetObjectTagging",
                "s3:DeleteObject",
                "s3:DeleteObjectVersion"
            ],
            "Resource": [
                "arn:aws:s3:::YOUR-BUCKET-NAME/*"
            ]
        }
    ]
}

Hello Andrei and team, customer is getting the Access Denied error, and the detailed error message says:
"00:04:05.7262 Error {“message”:“UiPath.AmazonWebServices.Core.AWSException: Failed to get the bucket details: The request signature we calculated does not match the signature you provided. Check your key and signing method.\r\nError: The request signature we calculated does not match the signature you provided. Check your key and signing method.”

Does it mean the keys are wrong?

That error is returned by AWS for all sort of things, it doesn’t point us in a clear direction, but in general the problem will be with the key:

  • check if the value you set for the key in the Scope activity is correct (eg extra spaces, escaped characters, etc)
  • check the key’s expiration date

As a last resort generate a new key and try with that one.

how do we handle key with "" in it? can you help

will it cause any issue if the key has \u or \t ?