Problem description
The request is denied by a Virtual Private Cloud (VPC) policy.
Causes
A policy is attached to the VPC where the client that initiates the request resides. The policy restricts access to specific buckets, so requests to any bucket not explicitly allowed are denied.
Examples
The following VPC policy allows access only to examplebucket. Requests to any other bucket are denied.
{
"Version": "1",
"Statement": [
{
"Effect": "Allow",
"Action": "oss:*",
"Principal": "*",
"Resource": [
"acs:oss:*:*:examplebucket",
"acs:oss:*:*:examplebucket/*"
]
}
]
}Solutions
Before modifying the VPC policy, confirm that the VPC policy is the source of the denial. In the VPC console, check the policy attached to your VPC and verify that the bucket you are trying to access is not listed as an allowed resource.
Modify the VPC policy to include the buckets your application needs to access. For step-by-step instructions, see Tutorial: Use VPC policies and bucket policies to control data access.