AWS S3 access denied when getting image by url


PHP SDK v2

  1. The Credentials package is Aws\Common\Credentials
  2. To create an S3Client you need a factory

Try something like this:

```php
use Aws\S3\S3Client;
use Aws\Common\Credentials\Credentials;

$credentials = new Credentials('YOUR_ACCESS_KEY', 'YOUR_SECRET_KEY');

// Instantiate the S3 client with your AWS credentials
$s3Client = S3Client::factory(array(
    'signature'   => 'v4',
    'region'      => 'ap-southeast-1',
    'credentials' => $credentials,
    // .....
));
```

If that does not work, you might try to explicitly declare a SignatureV4 object:

```php
use Aws\S3\S3Client;
use Aws\Common\Credentials\Credentials;
use Aws\Common\Signature\SignatureV4;

$credentials = new Credentials('YOUR_ACCESS_KEY', 'YOUR_SECRET_KEY');

// Instantiate the S3 client with your AWS credentials
$s3Client = S3Client::factory(array(
    'signature'   => new SignatureV4(),
    'region'      => 'ap-southeast-1',
    'credentials' => $credentials,
    // .....
));
```

In case you upgrade to SDK v3:

  1. You need to have signature_version (instead of signature) as a parameter when you declare your S3 client
  2. Statement does not appear to be a valid parameter (http://docs.aws.amazon.com/aws-sdk-php/v3/guide/guide/configuration.html#signature-version)
  3. If there is an issue, you can turn on the debug parameter to get more output

This would look like this:

```php
$s3 = new Aws\S3\S3Client([
    'signature_version' => 'v4',
    'version'           => 'latest',
    'region'            => 'ap-southeast-1',
    'credentials'       => $credentials,
    'http'              => [
        'verify' => '/home/ubuntu/cacert.pem'
    ],
    'debug'             => true
]);
```

See here for the full list of available parameters.


I have also faced this issue with the aws:kms encryption key. I suggest that if you want to use a KMS key, you have to create your KMS key in the IAM section of the AWS Console. I would recommend AES256 server-side encryption; here S3 automatically encrypts your data when putting an object and decrypts it when getting an object. Please go through the link below: S3 Server Side encryption with AES256

My solution is to change this line 'ServerSideEncryption' => 'aws:kms' to 'ServerSideEncryption' => 'AES256'

```php
// At the top of the file, so the catch clause resolves the exception class
use Aws\S3\Exception\S3Exception;

try {
    $result = $this->Amazon->S3->putObject(array(
        'Bucket'               => 'mytest.sample',
        'ACL'                  => 'authenticated-read',
        'Key'                  => $newfilename,
        'ServerSideEncryption' => 'AES256',
        'SourceFile'           => $filepath,
        'ContentType'          => mime_content_type($filepath),
        'debug'                => [
            'logfn' => function ($msg) {
                echo $msg . "\n";
            },
            'stream_size' => 0,
            'scrub_auth'  => true,
            'http'        => true,
        ],
    ));
} catch (S3Exception $e) {
    echo $e->getMessage() . "\n";
}
```

Please also update your bucket policy with the JSON below; it will prevent you from uploading objects without AES256 encryption.

```json
{
    "Sid": "DenyUnEncryptedObjectUploads",
    "Effect": "Deny",
    "Principal": "*",
    "Action": "s3:PutObject",
    "Resource": "arn:aws:s3:::yourbucketname/*",
    "Condition": {
        "StringNotEquals": {
            "s3:x-amz-server-side-encryption": "AES256"
        }
    }
}
```
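To see which uploads the statement above rejects, the following added example (not code from either answer, and not AWS's policy engine) models its `StringNotEquals` condition locally and runs it over three constructed `putObject` parameter sets. It shows that the statement denies an upload sent with `aws:kms` and also one sent with no encryption parameter at all, because a negated string operator matches when the condition key is missing from the request. The function names, object keys and bucket name are assumptions.

```php
<?php
// Added example: local model of the Deny statement; only StringEquals / StringNotEquals are modelled.
$json = <<<'JSON'
{"Sid": "DenyUnEncryptedObjectUploads", "Effect": "Deny", "Principal": "*",
 "Action": "s3:PutObject", "Resource": "arn:aws:s3:::yourbucketname/*",
 "Condition": {"StringNotEquals": {"s3:x-amz-server-side-encryption": "AES256"}}}
JSON;
$statement = json_decode($json, true);

function conditionMatches(array $condition, array $context): bool
{
    foreach ($condition as $operator => $keys) {
        if (!in_array($operator, ['StringEquals', 'StringNotEquals'], true)) {
            throw new InvalidArgumentException("Operator not modelled: $operator");
        }
        foreach ($keys as $key => $expected) {
            $equal = isset($context[$key]) && in_array($context[$key], (array) $expected, true);
            // A negated operator is also true when the key is absent from the request.
            if ($equal !== ($operator === 'StringEquals')) {
                return false; // every condition entry must hold
            }
        }
    }
    return true;
}

function putObjectDenied(array $statement, string $bucket, array $params): bool
{
    // 'ServerSideEncryption' is sent as the x-amz-server-side-encryption header (this condition key).
    $context = [];
    if (isset($params['ServerSideEncryption'])) {
        $context['s3:x-amz-server-side-encryption'] = $params['ServerSideEncryption'];
    }
    return $statement['Effect'] === 'Deny'
        && $statement['Action'] === 's3:PutObject'
        && fnmatch($statement['Resource'], "arn:aws:s3:::$bucket/" . $params['Key'])
        && conditionMatches($statement['Condition'], $context);
}

// Constructed putObject parameter sets (bucket and keys are placeholders).
$samples = [
    'AES256'  => ['Key' => 'a.jpg', 'ServerSideEncryption' => 'AES256'],
    'aws:kms' => ['Key' => 'b.jpg', 'ServerSideEncryption' => 'aws:kms'],
    'no SSE'  => ['Key' => 'c.jpg'],
];
foreach ($samples as $label => $params) {
    $denied = putObjectDenied($statement, 'yourbucketname', $params);
    printf("%-8s %s\n", $label, $denied ? 'denied' : 'not denied by this statement');
}
```

With this policy in place, every upload path has to pass `'ServerSideEncryption' => 'AES256'` explicitly; relying on a bucket-level default encryption setting is not enough, since the header is still absent from the request.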