So from your error above, it shows that you do not have access to the Public folder of that bucket when trying to publish.
Basically, I would look at the following docs to understand SS file system with assets -
Protected assets, are only accessible via Signed URLs as they are protected, those URLs only last for some time, then expire. If you refresh the page though it should regenerate the url… When a file is ‘published’ it removes the file from the protected folder (or whatever your preset is set to in your env configuration) and moves it to the public folder. Then at that point the public folder on your bucket should be able to be accessed from anywhere at all times and should not need a signed url.
So if I had to guess on your bucket, the public folder isn’t actually allowing public access. If you look at the Readme of the S3 module we provide an example bucket policy to make sure the assets are public. If you already have existing files in the public folder before you setup your bucket policy, you will have to grant those public read access manually to those existing files.