AWS

NoSuchKey - No Such Key

Hitting a **NoSuchKey** error means the S3 object (file) you're trying to access doesn't exist at that key path in the bucket—the object might have been deleted, the key path is misspelled, or it's in a different folder. This client-side error (4xx) happens when AWS can't find the object at the specified key. Most common when object keys have typos, but also appears when objects were deleted, keys have incorrect paths, case sensitivity doesn't match, or objects are in different prefixes/folders.

#Common Causes

  • Identity: IAM policy missing s3:GetObject permission. Bucket policy denies object access. Object encryption requires specific KMS key access.
  • Network: Object in different region. VPC endpoint routing issues. Cross-region replication not complete.
  • Limits: Object key path incorrect. Object was deleted. Case sensitivity mismatch (S3 keys are case-sensitive). Object in different prefix/folder.

Solutions

  1. 1Step 1: Diagnose - List objects in bucket to find correct key: aws s3 ls s3://BUCKET_NAME/ --recursive. Search for similar keys: aws s3 ls s3://BUCKET_NAME/ | grep PATTERN.
  2. 2Step 2: Diagnose - Check if object exists: aws s3api head-object --bucket BUCKET_NAME --key OBJECT_KEY. If 404, object doesn't exist. If 403, check permissions.
  3. 3Step 3: Diagnose - Verify key path: S3 keys are case-sensitive. Check exact spelling: aws s3api list-objects-v2 --bucket BUCKET_NAME --prefix PREFIX. Compare with your key.
  4. 4Step 4: Fix - Check object versioning: aws s3api list-object-versions --bucket BUCKET_NAME --prefix OBJECT_KEY. Object might be deleted but version exists. Restore: aws s3api restore-object --bucket BUCKET_NAME --key OBJECT_KEY.
  5. 5Step 5: Fix - Verify IAM permissions: aws iam simulate-principal-policy --policy-source-arn YOUR_ARN --action-names s3:GetObject --resource-arns arn:aws:s3:::BUCKET_NAME/OBJECT_KEY. Ensure s3:GetObject is allowed.

</>Code Examples

List S3 Objects and Find Correct Key
1#!/bin/bash
2BUCKET_NAME="my-bucket"
3OBJECT_KEY="path/to/file.txt"
4
5# List all objects in bucket (recursive)
6echo "=== All Objects in Bucket ==="
7aws s3 ls s3://${BUCKET_NAME}/ --recursive
8
9# List objects with specific prefix
10PREFIX="path/to/"
11echo "\n=== Objects with Prefix: ${PREFIX} ==="
12aws s3 ls s3://${BUCKET_NAME}/${PREFIX} --recursive
13
14# Search for similar keys
15SEARCH_PATTERN="file"
16echo "\n=== Searching for: ${SEARCH_PATTERN} ==="
17aws s3 ls s3://${BUCKET_NAME}/ --recursive | grep ${SEARCH_PATTERN}
18
19# Check if specific object exists
20echo "\n=== Checking Object: ${OBJECT_KEY} ==="
21aws s3api head-object --bucket ${BUCKET_NAME} --key ${OBJECT_KEY} 2>&1
22if [ $? -eq 0 ]; then
23  echo "✓ Object exists"
24  aws s3api head-object --bucket ${BUCKET_NAME} --key ${OBJECT_KEY} \
25    --query '[LastModified,ContentLength,ContentType]' \
26    --output table
27else
28  echo "✗ Object not found"
29  echo "Listing similar objects..."
30  aws s3api list-objects-v2 --bucket ${BUCKET_NAME} --prefix $(dirname ${OBJECT_KEY})/ \
31    --query 'Contents[*].Key' --output table
32fi
Check Object Versions and Restore Deleted Objects
1#!/bin/bash
2BUCKET_NAME="my-bucket"
3OBJECT_KEY="path/to/file.txt"
4
5# List object versions (if versioning enabled)
6echo "=== Object Versions ==="
7aws s3api list-object-versions \
8  --bucket ${BUCKET_NAME} \
9  --prefix ${OBJECT_KEY} \
10  --query 'Versions[*].[VersionId,IsLatest,LastModified]' \
11  --output table
12
13# Check for delete markers
14echo "\n=== Delete Markers ==="
15aws s3api list-object-versions \
16  --bucket ${BUCKET_NAME} \
17  --prefix ${OBJECT_KEY} \
18  --query 'DeleteMarkers[*].[VersionId,IsLatest,LastModified]' \
19  --output table
20
21# Restore deleted object (remove delete marker)
22DELETE_MARKER_VERSION_ID="xxxxx"  # Replace with actual version ID
23echo "\n=== Restoring Object ==="
24aws s3api delete-object \
25  --bucket ${BUCKET_NAME} \
26  --key ${OBJECT_KEY} \
27  --version-id ${DELETE_MARKER_VERSION_ID}
28
29# Or restore from Glacier/Deep Archive
30echo "\n=== Restoring from Glacier ==="
31aws s3api restore-object \
32  --bucket ${BUCKET_NAME} \
33  --key ${OBJECT_KEY} \
34  --restore-request '{"Days":7,"GlacierJobParameters":{"Tier":"Expedited"}}'
Verify IAM Permissions for S3 Object
1#!/bin/bash
2# Check your identity
3IDENTITY_ARN=$(aws sts get-caller-identity --query Arn --output text)
4BUCKET_NAME="my-bucket"
5OBJECT_KEY="path/to/file.txt"
6
7# Simulate s3:GetObject permission
8echo "=== Simulating s3:GetObject Permission ==="
9aws iam simulate-principal-policy \
10  --policy-source-arn ${IDENTITY_ARN} \
11  --action-names s3:GetObject \
12  --resource-arns "arn:aws:s3:::${BUCKET_NAME}/${OBJECT_KEY}" \
13  --query 'EvaluationResults[0].[EvalDecision,EvalResourceName,MatchedStatements[0].SourcePolicyId]' \
14  --output table
15
16# Check bucket policy
17echo "\n=== Bucket Policy ==="
18aws s3api get-bucket-policy --bucket ${BUCKET_NAME} 2>&1 | jq '.' || echo "No bucket policy"
19
20# Note: S3 keys are case-sensitive
21echo "\n=== Case Sensitivity Check ==="
22echo "Original key: ${OBJECT_KEY}"
23echo "Trying lowercase: $(echo ${OBJECT_KEY} | tr '[:upper:]' '[:lower:]')"
24aws s3api head-object --bucket ${BUCKET_NAME} --key $(echo ${OBJECT_KEY} | tr '[:upper:]' '[:lower:]') 2>&1 | head -1

Related Errors

NoSuchBucketAccessDenied

Provider Information

This error code is specific to AWS services. For more information, refer to the official AWS documentation.

NoSuchKey - No Such Key | AWS Error Reference | Error Code Reference