aws ios sdk - Issue downloading images from s3

Question

I am trying to download the images from my s3 bucket using iOS sdk (swift), but i am always getting access-denied error

Domain=com.amazonaws.AWSS3ErrorDomain Code=1 "(null)" UserInfo={HostId=asadadadadadad=, Message=Access Denied, Code=AccessDenied, RequestId=A467438974F8127B}]

It works juts fine with the uploads, when i don't use any ACL settings. If i set the ACL

 let uploadRequest = AWSS3TransferManagerUploadRequest()
 uploadRequest.ACL = AWSS3ObjectCannedACL.AuthenticatedRead

both upload & download fails.

below are my cognito & IAM policies

{
  "Version": "2012-10-17",
  "Statement": [
    {
    "Action": [
        "s3:GetObject",
        "s3:PutObject"
      ],
      "Effect": "Allow",
      "Resource":["arn:aws:s3:::yimages/*"]
    },{
    "Action": [
        "s3:GetObject",
        "s3:PutObject"
      ],
      "Effect": "Allow",
      "Resource":["arn:aws:s3:::yimages"]
    }
  ]
}

and

{
  "Version":"2012-10-17",
  "Statement":[
    {
      "Sid":"AddCannedAcl",
      "Effect":"Allow",
      "Principal": "*",
     "Action": [
        "s3:GetObject",
        "s3:PutObject"
      ],
      "Resource":["arn:aws:s3:::yimages/*"]
    }
  ]
}

i am sure this is something todo with the policies, but i cant figure out what.. whats puzzling me is how come the upload works but the download??

any help is much appreciated..

Answer 1

1. GetObject & PutObject refer to actions on objects within the bucket & do not apply to the bucket (arn:aws:s3:::yimages). For the bucket itself, you need to provide Bucket actions like below :

"Action": [
            "s3:GetBucketLocation",
            "s3:ListBucket",
            "s3:ListAllMyBuckets"
        ]

2. You could try adding similar policy into the explicit 'Bucket Policy' section of the 'Permissions' tab to specify Bucket & Object level permissions