What is a possible cause of the issue?
The S3 ACL for the S3 bucket fails to explicitly grant access to the Application Developer
The AWS KMS key for the S3 bucket fails to list the Application Developer as an administrator
The S3 bucket policy fails to explicitly grant access to the Application Developer
The S3 bucket policy explicitly denies access to the Application Developer
Explanations:
The S3 ACL controls access at the object level and typically allows fine-grained control, but it is unlikely to be the issue if the IAM policy permits access.
The AWS KMS key permissions are required to decrypt objects in the S3 bucket. However, this issue is unrelated to the IAM policy or bucket access, so it’s not the root cause.
If the IAM policy already grants the required access, the bucket policy does not need to explicitly grant access. However, missing bucket policies may lead to issues.
If the S3 bucket policy explicitly denies access to the Application Developer, it would override the permissions granted by the IAM policy, causing the access issue.