IAM User Permission issue with AWS S3

I am having an issue with a user who has been unable to access the bucket since last week using the AWS console, and the error messages are as follows:

"Insufficient permissions to list objects"

"You don't have permissions to list buckets
After you or your AWS administrator have updated your permissions to allow the s3:ListAllMyBuckets action, refresh this page. Learn more about Identity and access management in Amazon S3"

The user has the permission for: abc-ftp, listBuckets, and cloudfront_admin_policy access

Policies attached from group: cloudfront_admin_policy and abc-ftp. Policy attached directly: listBuckets

Policy status Limited: List, Read

Policy listBuckets:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "s3:ListAllMyBuckets",
                "s3:ListBucket",
                "s3:GetBucketLocation"
            ],
            "Resource": "*"
        }
    ]
}

CloudFront admin policy:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket"
            ],
            "Resource": [
                "arn:aws:s3:::cloudfront.abc.com"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:DeleteObject"
            ],
            "Resource": [
                "arn:aws:s3:::cloudfront.abc.com/*"
            ]
        }
    ]
}

An Athena query against the user:


If you know anything, I'd be happy to let you know.

Thank you!

This resolution assumes that the GetObject and PutObject calls are already granted to the AWS Identity Access Management (IAM) user or role. This resolution addresses how to resolve the Access Denied error caused by improper ListBucket permissions or using incorrect sync command syntax with Requester Pays.

Please check the AWS documentation below. I hope this helps :)

https://aws.amazon.com/premiumsupport/knowledge-center/s3-access-denied-listobjects-sync/
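
Added example, not part of the original question or answer: a small offline evaluator that runs the two policies posted above through the basic IAM rules (explicit Deny wins, then any matching Allow, otherwise implicit deny). It shows which requests the visible policies grant, and how `s3:ListBucket` matches the bucket ARN while object actions match only `bucket/*`. Assumptions: only `Effect`, `Action` and `Resource` are evaluated (no `Condition`, `NotAction`, bucket policies, SCPs or permissions boundaries), and `HYPOTHETICAL_DENY` is a constructed stand-in because the abc-ftp policy is not shown on the page.

```python
from fnmatch import fnmatchcase

# Policies copied from the question.
LIST_BUCKETS = {"Version": "2012-10-17", "Statement": [{
    "Sid": "VisualEditor0", "Effect": "Allow",
    "Action": ["s3:ListAllMyBuckets", "s3:ListBucket", "s3:GetBucketLocation"],
    "Resource": "*"}]}
CLOUDFRONT_ADMIN = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:ListBucket"],
     "Resource": ["arn:aws:s3:::cloudfront.abc.com"]},
    {"Effect": "Allow",
     "Action": ["s3:PutObject", "s3:GetObject", "s3:DeleteObject"],
     "Resource": ["arn:aws:s3:::cloudfront.abc.com/*"]}]}
# Constructed stand-in (assumption): abc-ftp is not shown on the page.
HYPOTHETICAL_DENY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Deny", "Action": "s3:ListAllMyBuckets", "Resource": "*"}]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(stmt, action, resource):
    # Action names are case-insensitive; resource ARNs are case-sensitive.
    action_hit = any(fnmatchcase(action.lower(), a.lower())
                     for a in _as_list(stmt["Action"]))
    resource_hit = any(fnmatchcase(resource, r)
                       for r in _as_list(stmt["Resource"]))
    return action_hit and resource_hit

def evaluate(policies, action, resource):
    """Return 'explicitDeny', 'allowed' or 'implicitDeny' for one request."""
    decision = "implicitDeny"
    for policy in policies:
        for stmt in _as_list(policy["Statement"]):
            if not _matches(stmt, action, resource):
                continue
            if stmt["Effect"] == "Deny":
                return "explicitDeny"  # an explicit Deny always wins
            decision = "allowed"
    return decision

if __name__ == "__main__":
    bucket = "arn:aws:s3:::cloudfront.abc.com"
    for action, res in [("s3:ListAllMyBuckets", "*"), ("s3:ListBucket", bucket),
                        ("s3:GetObject", bucket + "/index.html")]:
        print(action, res, evaluate([LIST_BUCKETS, CLOUDFRONT_ADMIN], action, res))
```

When the visible identity policies evaluate to `allowed` but the console still reports a denial, the remaining places to check are the policies not shown here: other attached policies, the bucket policy, permissions boundaries and organization SCPs.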
