Meaning
AWS denied the request because the IAM principal lacks permission or a resource policy/SCP blocks it.
Causes
- Missing IAM permissions for the action
- Explicit deny in IAM policy or Service Control Policy
- Resource policy does not allow the principal
Fixes
- Grant the required IAM permissions
- Check for explicit denies in IAM policy/SCP
- Update the resource policy to allow the principal
Example
An error occurred (AccessDenied) when calling the ListBuckets operation: Access Denied
FAQ
- Is this an IAM policy issue?
Usually yes, either a missing allow or an explicit deny. - Can resource policies override IAM?
Yes. Resource policies and SCPs can block access even if IAM allows it.
Contact
Contact your AWS admin or account owner if you need access.