What Is HTTP 403 Forbidden?
HTTP 403 Forbidden explained, and what it means when you see it in CI/CD and deployments.
HTTP 403 means the server understood the request but refuses to authorize it.
What it means
A 403 is about authorization (permissions), not identity. You are recognized but lack permission for the resource or action.
When you see it in CI/CD
In CI, a 403 often means a token has insufficient scopes (e.g. a GITHUB_TOKEN without packages: write) or an IAM policy is too narrow. Fix the permissions; retrying will not help.
Key takeaways
- 403 means permission denied.
- Token scope or IAM policy is too narrow.
- Retrying will not fix it.
Related guides
What Is HTTP 401 Unauthorized?HTTP 401 Unauthorized means authentication failed or is missing. Learn the common CI causes.
What Is Least-Privilege CI? Giving Pipelines Only What They NeedLeast-privilege CI grants pipelines the minimum permissions required for each job. Learn how to apply it and…
What Is an IAM Role? Assumable AWS IdentitiesAn IAM role is an assumable AWS identity that grants temporary credentials instead of permanent keys. Learn w…