
Why does a bucket policy not allow an IAM user to list S3 buckets even though the bucket policy is set for the user?

I have created a bucket poc-work from the admin account, and under this policy I have set a policy like the one below:

{
    "Version": "2012-10-17",
    "Id": "Policy1620674317608",
    "Statement": [
        {
            "Sid": "Stmt1321974214233",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::accound-id:user/iam-user"
            },
            "Action": "s3:*",
            "Resource": [
                "arn:aws:s3:::poc-work",
                "arn:aws:s3:::poc-work/*"
            ]
        }
    ]
}

I have not attached any AWS managed policy like s3readonly to the IAM user, but I am under the assumption that setting a bucket policy should make the bucket visible to the IAM user. But when the IAM user logs in and checks the S3 service, there is an error message: You don't have permissions to list buckets

I have the queries below:

  1. Can't I create a bucket policy that enables listing S3 buckets?
  2. Is it necessary to attach a policy already defined in the IAM console for browsing, and then control the rest of the operations with the bucket policy?

You are giving the user permission for one bucket, but if the user is going through the console the user needs the ListAllBuckets permission to see all the buckets that exist in the account. So you do need to add permissions to the IAM user as well--not just the one bucket.

Also see:

The 1st link says:

ListAllMyBuckets is required for seeing the list of buckets via the AWS console. It is a MUST if you plan to use the console for S3 administration. If you don't have this permission you basically won't see any of the buckets in the S3 console despite whatever other permissions you have configured and therefore can't take any action upon them.
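
An added example, not part of the original question or answer: a simplified same-account model of the policy check (not AWS's actual evaluator; explicit Deny, conditions and permission boundaries are left out) showing why the question's bucket policy never applies to s3:ListAllMyBuckets, and how an identity-based statement, assumed here, makes the console listing work. `is_allowed`, `IDENTITY_POLICY`, `demo` and the object key `report.csv` are hypothetical names.

```python
import fnmatch

USER = "arn:aws:iam::accound-id:user/iam-user"  # placeholder ARN exactly as in the question

# Bucket policies keyed by the bucket they are attached to (statement from the question,
# with Principal flattened to a plain string for this model).
BUCKET_POLICIES = {"poc-work": [{
    "Effect": "Allow", "Principal": USER, "Action": "s3:*",
    "Resource": ["arn:aws:s3:::poc-work", "arn:aws:s3:::poc-work/*"],
}]}

# Assumed identity-based policy to attach to the IAM user (not from the page).
IDENTITY_POLICY = [{"Effect": "Allow", "Action": "s3:ListAllMyBuckets", "Resource": "*"}]

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(stmt, action, resource):
    """True when the statement's Action and Resource patterns both cover the request."""
    return (any(fnmatch.fnmatchcase(action, a) for a in _as_list(stmt["Action"]))
            and any(fnmatch.fnmatchcase(resource, r) for r in _as_list(stmt["Resource"])))

def is_allowed(principal, action, identity_policy, bucket=None, key=None):
    """Simplified same-account check: one Allow in either policy type grants access."""
    if bucket is None:
        # Account-level call such as s3:ListAllMyBuckets: the request names no bucket,
        # so no bucket policy is consulted and only identity policies can allow it.
        resource, bucket_stmts = "*", []
    else:
        resource = f"arn:aws:s3:::{bucket}" + (f"/{key}" if key else "")
        bucket_stmts = [s for s in BUCKET_POLICIES.get(bucket, [])
                        if s["Principal"] == principal]
    return any(s["Effect"] == "Allow" and _matches(s, action, resource)
               for s in list(identity_policy) + bucket_stmts)

def demo():
    """Evaluate the question's scenario before and after adding the identity policy."""
    return {
        "ListAllMyBuckets, bucket policy only": is_allowed(USER, "s3:ListAllMyBuckets", []),
        "ListBucket on poc-work, bucket policy only": is_allowed(USER, "s3:ListBucket", [], "poc-work"),
        "GetObject in poc-work, bucket policy only": is_allowed(USER, "s3:GetObject", [], "poc-work", "report.csv"),
        "ListAllMyBuckets, with identity policy": is_allowed(USER, "s3:ListAllMyBuckets", IDENTITY_POLICY),
    }

if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{case}: {'ALLOW' if allowed else 'DENY (implicit)'}")
```

The identity statement only makes bucket names visible in the listing; what the user can do inside poc-work is still decided by the bucket policy.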
