S3 Download ... Access Denied Message while running remote-cache

[drathore-lacework]

Hi,

I am looking at logs and trying to understand log message about access-defined message.

Here is my policy for S3 bucket:

.
.
"Action": [
                "s3:PutObject",
                "s3:GetObject"
            ],
            "Effect": "Allow",
.
.

This is the log i am concerned about:

S3 DOWNLOAD bazel-cache ac/dd/dd066a3232c8a9f15c2c4e16481e921f973eaaa251abea6841d3ee6e7e15f780 Access Denied

However, I do see S3 UPLOAD, PUT and GET to S3 getting through.

S3 UPLOAD bazel-cache cas.v2/8e/8e9f48fed7e2ee9bda7b40b541fd9d79c130210d0ac6edbdac956f513007210a OK
GET 200   10.253.91.149 /cas/5887a83a90f98b72fb236bede999603f2965c4a0533116b5853fec1357b55cee
PUT 200   10.253.91.149 /cas/97acd9f309644ca8e11c00b0a24b43959e8359fcadbbbbbd04f668f1f3542ad5

Can someone explain what Access Denied message means ? and is there recommended policy for S3 bucket ?

[mostynb]

Access Denied is an error returned by the minio.Core.GetObject library call. My best guess is that this is some sort of misconfiguration on the s3 side, but I do not use s3 myself so can't offer much help debugging this.