Problem:

I am facing the following error:

An error occurred (AccessDenied) when calling the ListObjects operation: Access Denied

Whenever I try to get a folder from my S3 bucket using the following command:

aws s3 cp s3://bucket-name/data/all-data/ . --recursive

My IAM permissions for the bucket are as below:

{
  "Version": "version_id_s5",
  "Statement": [
    {
        "Sid": "some_id_s5",
        "Effect": "Allow",
        "Action": [
            "s3:*"
        ],
        "Resource": [
            "arn:aws:s3:::bucketname/*"
        ]
    }
  ]
}

What should I update to be able to execute copy and ls successfully?


1 Answer

Solution:

I think you have given permission to perform commands only on objects inside the S3 bucket, but you have failed to give permission to perform any actions on the bucket itself. So please update your policy to be the following:

I have slightly updated your policy as below:

{
  "Version": "version_id_s5",
  "Statement": [
    {
        "Sid": "some_id_s5",
        "Effect": "Allow",
        "Action": [
            "s3:*"
        ],
        "Resource": [
            "arn:aws:s3:::bucketname",
            "arn:aws:s3:::bucketname/*"
        ]
    }
  ]
}

But the above update gives more permissions than needed. Following the AWS IAM best practice of granting least privilege, the policy would be as follows:

{
  "Version": "2012-10-17",
  "Statement": [
      {
          "Effect": "Allow",
          "Action": [
              "s3:ListBucket"
          ],
          "Resource": [
              "arn:aws:s3:::bucketname"
          ]
      },
      {
          "Effect": "Allow",
          "Action": [
              "s3:GetObject"
          ],
          "Resource": [
              "arn:aws:s3:::bucketname/*"
          ]
      }
  ]
}

This will resolve your issue.

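As an added example (not part of the original question or answer), this simplified Python evaluator shows why the original policy denies listing while still allowing object reads, and what each of the two corrected policies permits. It models only Action/Resource wildcard matching for an identity policy; the sample object key and all helper names are constructed for illustration.

```python
import re

BUCKET = "arn:aws:s3:::bucketname"
KEY = BUCKET + "/data/all-data/file.csv"  # constructed sample object

# Constructed requests: the IAM action and the resource ARN each one is checked against.
# Listing is a bucket-level action, so its resource is the bucket ARN itself.
REQUESTS = {
    "list": ("s3:ListBucket", BUCKET),
    "get": ("s3:GetObject", KEY),
    "delete": ("s3:DeleteObject", KEY),
}

def _wild(pattern, value, flags=0):
    """Match an IAM pattern where * is any run of characters and ? is one character."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, value, flags) is not None

def _as_list(value):
    return value if isinstance(value, list) else [value]

def is_allowed(policy, action, resource):
    """Explicit Deny wins, otherwise any matching Allow, otherwise implicit deny."""
    allowed = False
    for stmt in _as_list(policy["Statement"]):
        hit = (any(_wild(a, action, re.IGNORECASE) for a in _as_list(stmt["Action"]))
               and any(_wild(r, resource) for r in _as_list(stmt["Resource"])))
        if hit and stmt["Effect"] == "Deny":
            return False
        allowed = allowed or hit
    return allowed

def make_policy(*statements):
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": a, "Resource": r} for a, r in statements]}

# The three policies discussed above, reduced to their Action/Resource pairs.
ORIGINAL = make_policy((["s3:*"], [BUCKET + "/*"]))
BROAD = make_policy((["s3:*"], [BUCKET, BUCKET + "/*"]))
LEAST = make_policy((["s3:ListBucket"], [BUCKET]), (["s3:GetObject"], [BUCKET + "/*"]))

def evaluate(policy):
    return {name: is_allowed(policy, act, res) for name, (act, res) in REQUESTS.items()}

if __name__ == "__main__":
    for label, pol in (("original", ORIGINAL), ("broad", BROAD), ("least", LEAST)):
        print(label, evaluate(pol))
```

The bucket ARN has no trailing `/`, so the pattern `arn:aws:s3:::bucketname/*` never matches it; that is the AccessDenied on the list step, and the least-privilege policy is the only one that also blocks deletes.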
