After I correctly set up Imagekit to connect to an S3 bucket, with an IAM policy granting s3:GetObject
on the bucket, I got an error when accessing an image through the Imagekit URL.
The error message is:
EACCES - Access denied by AWS S3. Check attached IAM policy on AWS
Imagekit actually needs more than just the s3:GetObject action
in the policy if the objects in your S3 bucket are server-side encrypted. It will need kms:Decrypt
as well. This is not in their documentation as of 2022/06/16.
My IAM policy looks like the following, which lets Imagekit access the objects correctly.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ImagekitObjectAccess",
      "Effect": "Allow",
      "Action": [
        "s3:GetObject"
      ],
      "Resource": [
        "arn:aws:s3:::[imagekit-bucket-name]/*"
      ]
    },
    {
      "Sid": "ImagekitObjectEncryptingKeyAccess",
      "Effect": "Allow",
      "Action": [
        "kms:Decrypt"
      ],
      "Resource": [
        "arn:aws:kms:us-east-1:187681360541:key/[object-encrypting-key-id]"
      ]
    }
  ]
}
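To catch this gap before Imagekit returns EACCES, the check below compares a policy document against an object's encryption metadata and lists the permissions that are still missing. It is an added example, not code from Imagekit or from the original post. The function names, bucket name, account id and key id are constructed placeholders, and `head` is assumed to be a dict shaped like an S3 HeadObject response (`ServerSideEncryption`, `SSEKMSKeyId`).

```python
import re

def _match(pattern, value):
    # IAM wildcards: "*" is any run of characters, "?" is exactly one
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                 for c in pattern)
    return re.fullmatch(rx, value) is not None

def _as_list(v):
    return v if isinstance(v, list) else [v]

def allows(policy, action, resource):
    """True if an Allow statement covers action on resource.
    Simplification: Deny, Condition and NotAction/NotResource are ignored."""
    for st in _as_list(policy["Statement"]):
        if st.get("Effect") != "Allow":
            continue
        # action names are case-insensitive, resource ARNs are not
        if (any(_match(a.lower(), action.lower()) for a in _as_list(st.get("Action", [])))
                and any(_match(r, resource) for r in _as_list(st.get("Resource", [])))):
            return True
    return False

def missing_permissions(policy, bucket, key, head):
    """head: dict shaped like an S3 HeadObject response for the object."""
    missing = []
    obj_arn = f"arn:aws:s3:::{bucket}/{key}"
    if not allows(policy, "s3:GetObject", obj_arn):
        missing.append(("s3:GetObject", obj_arn))
    # SSE-KMS objects report "aws:kms" and carry the key ARN in SSEKMSKeyId;
    # SSE-S3 objects report "AES256" and need no KMS permission
    if str(head.get("ServerSideEncryption", "")).startswith("aws:kms"):
        if not allows(policy, "kms:Decrypt", head["SSEKMSKeyId"]):
            missing.append(("kms:Decrypt", head["SSEKMSKeyId"]))
    return missing

# Constructed sample data (placeholder bucket, account and key ids)
BUCKET = "example-images"
KEY_ARN = "arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"
S3_STMT = {"Effect": "Allow", "Action": ["s3:GetObject"],
           "Resource": [f"arn:aws:s3:::{BUCKET}/*"]}
KMS_STMT = {"Effect": "Allow", "Action": ["kms:Decrypt"], "Resource": [KEY_ARN]}
POLICY_S3_ONLY = {"Version": "2012-10-17", "Statement": [S3_STMT]}
POLICY_WITH_KMS = {"Version": "2012-10-17", "Statement": [S3_STMT, KMS_STMT]}
HEAD_SSE_KMS = {"ServerSideEncryption": "aws:kms", "SSEKMSKeyId": KEY_ARN}
HEAD_SSE_S3 = {"ServerSideEncryption": "AES256"}

if __name__ == "__main__":
    print(missing_permissions(POLICY_S3_ONLY, BUCKET, "photo.jpg", HEAD_SSE_KMS))
    print(missing_permissions(POLICY_WITH_KMS, BUCKET, "photo.jpg", HEAD_SSE_KMS))
```

Scoping `kms:Decrypt` to the one key ARN that encrypts the bucket's objects, as the policy above does, keeps the grant least-privilege.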