Troubleshooting IAM and Amazon S3 - Amazon Identity and Access Management
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Troubleshooting IAM and Amazon S3

Use the information here to help you troubleshoot and fix issues that you might encounter when working with Amazon S3 and IAM.

How do I grant anonymous access to an Amazon S3 bucket?

You use an Amazon S3 bucket policy that specifies a wildcard (*) in the principal element, which means anyone can access the bucket. With anonymous access, anyone (including users without an Amazon Web Services account) will be able to access the bucket. For a sample policy, see Example Cases for Amazon S3 Bucket Policies in the Amazon Simple Storage Service User Guide.

I'm signed in as an Amazon Web Services account root user; why can't I access an Amazon S3 bucket under my account?

In some cases, you might have an IAM user with full access to IAM and Amazon S3. If the IAM user assigns a bucket policy to an Amazon S3 bucket and doesn't specify the Amazon Web Services account root user as a principal, the root user is denied access to that bucket. However, as the root user, you can still access the bucket. To do that, modify the bucket policy to allow root user access from the Amazon S3 console or the Amazon CLI. Use the following principal, replacing 123456789012 with the ID of the Amazon Web Services account.

"Principal": { "AWS": "arn:aws-cn:iam::123456789012:root" }