stackoom
  简体   繁体   中英

AWS S3 IAM user can't access bucket

 原文  2016-08-30 09:16:54       amazon-web-services/ amazon-s3/ amazon-iam

Question

I have an IAM user called server that uses s3cmd to backup up to S3 . 

s3cmd sync /path/to/file-to-send.bak s3://my-bucket-name/

Which gives: 

ERROR: S3 error: 403 (SignatureDoesNotMatch): The request signature we calculated does not match the signature you provided. Check your key and signing method.

The same user can send email via SES so I know that the access_key and secret_key are correct.

I have also attached AmazonS3FullAccess policy to the IAM user and clicked on Simulate policy . I added all of the Amazon S3 actions and then clicked Run simulation . All of the actions were allowed so it seems that S3 thinks I should have access. The policy is: 

{
"Version": "2012-10-17",
"Statement": [
  {
  "Effect": "Allow",
  "Action": "s3:*",
  "Resource": "*"
  }
 ]
}

The only way I can get access is to use use the root accounts access_key and secret_key . I can not get any IAM user to be able to login.

Using s3cmd --debug gives: 

DEBUG: Response: {'status': 403, 'headers': {'x-amz-bucket-region': 'eu-west-1', 'x-amz-id-2': 'XXX', 'server': 'AmazonS3', 'transfer-encoding': 'chunked', 'x-amz-request-id': 'XXX', 'date': 'Tue, 30 Aug 2016 09:10:52 GMT', 'content-type': 'application/xml'}, 'reason': 'Forbidden', 'data': '<?xml version="1.0" encoding="UTF-8"?>\n<Error><Code>SignatureDoesNotMatch</Code><Message>The request signature we calculated does not match the signature you provided. Check your key and signing method.</Message><AWSAccessKeyId>XXX</AWSAccessKeyId><StringToSign>GET\n\n\n\nx-amz-date:Tue, 30 Aug 2016 09:10:53 +0000\n/XXX/</StringToSign><SignatureProvided>XXX</SignatureProvided><StringToSignBytes>XXX</StringToSignBytes><RequestId>490BE76ECEABF4B3</RequestId><HostId>XXX</HostId></Error>'}
DEBUG: ConnMan.put(): connection put back to pool (https://XXX.s3.amazonaws.com#1)
DEBUG: S3Error: 403 (Forbidden)

Where I have replaced anything sensitive looking with XXX .

Have I missed something in the permissions setup?

1 answers

solution1
 0  2016-08-30 11:44:23

explictly use the correct iam access key and secret key used with the s3cmd ie 

s3cmd --access_key=75674745756 --secret_key=F6AFHDGFTFJGHGH sync /path/to/file-to-send.bak s3://my-bucket-name/

The error shown is for an incorrect access key and/or secret key

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Amazon S3 IAM User can' access S3 bucket AWS:Allowing Access to an IAM application user to a specific S3 bucket AWS: s3 bucket policy does not give IAM user access to upload to bucket, throws 403 error AWS S3 - Assign limited permission to bucket & create IAM who can access that bucket only AWS IAM User Access to S3 IAM user can only access S3 bucket when bucket is set to public AWS IAM Policy to allow user access to specific S3 bucket for backup How to give external AWS IAM user access to specific S3 Bucket folder How to grant access only to the Root Account User for an S3 bucket with IAM Policy AWS? AWS S3 - How to restrict an IAM user to just a single bucket?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM