try using aws s3api to check the bucket policy. https://docs.aws.amazon.com/cli/latest/reference/s3api/ --> check the command for bucket policy here. I believe something is missing in there that is causing permission denied.