AccessDenied
llm
auth_error
ai_generated
true
botocore.exceptions.ClientError: An error occurred (AccessDenied) when calling the PutObject operation: Access Denied
ID: llm/llamaindex-index-persistence-s3
90%Fix Rate
90%Confidence
1Evidence
2024-03-10First Seen
Version Compatibility
| Version | Status | Introduced | Deprecated | Notes |
|---|---|---|---|---|
| llama-index 0.10.0 | active | — | — | — |
| llama-index 0.10.1 | active | — | — | — |
| boto3 1.34.0 | active | — | — | — |
Root Cause
Insufficient IAM permissions for the S3 bucket when LlamaIndex attempts to persist index data to cloud storage.
generic中文
当LlamaIndex尝试将索引数据持久化到云存储时,IAM权限不足以访问S3存储桶。
Official Documentation
https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-denied.htmlWorkarounds
-
95% success Update IAM policy to include s3:PutObject and s3:PutObjectAcl permissions for the specific bucket: {"Effect": "Allow", "Action": ["s3:PutObject"], "Resource": "arn:aws:s3:::your-bucket/*"}
Update IAM policy to include s3:PutObject and s3:PutObjectAcl permissions for the specific bucket: {"Effect": "Allow", "Action": ["s3:PutObject"], "Resource": "arn:aws:s3:::your-bucket/*"} -
90% success Switch to local persistence: storage_context.persist(persist_dir='./storage') instead of S3
Switch to local persistence: storage_context.persist(persist_dir='./storage') instead of S3
中文步骤
Update IAM policy to include s3:PutObject and s3:PutObjectAcl permissions for the specific bucket: {"Effect": "Allow", "Action": ["s3:PutObject"], "Resource": "arn:aws:s3:::your-bucket/*"}Switch to local persistence: storage_context.persist(persist_dir='./storage') instead of S3
Dead Ends
Common approaches that don't work:
-
Setting AWS region to us-east-1 in boto3 config
95% fail
Region mismatch doesn't cause AccessDenied; it's a permission issue, not location.
-
Adding public access to S3 bucket
85% fail
Public access violates security best practices and doesn't address missing IAM policy.