I found myself in the position in the title of this post. To skip to the root cause, I had configured a VPC endpoint and configured the bucket policy to allow access from only the associated VPC. That makes sense. What I thought was odd was that I could navigate through the console and not see anything, but ultimately change the policy to allow access. Odd…
Overview…
![](http://appcrawler.com/wordpress/wp-content/uploads/2019/01/image-2-1024x484.png)
…and the permissions…
![](http://appcrawler.com/wordpress/wp-content/uploads/2019/01/image-3.png)
…after which I can simply click on the Bucket Policy link and change it to whatever is needed…
![](http://appcrawler.com/wordpress/wp-content/uploads/2019/01/image-4.png)