
Problem:

I am facing the following error:

An error occurred (AccessDenied) when calling the ListObjects operation: Access Denied

It happens whenever I try to get a folder from my S3 bucket using the following command:

aws s3 cp s3://bucket-name/data/all-data/ . --recursive

My IAM permissions for the bucket are as below:

{
  "Version": "version_id_s5",
  "Statement": [
    {
        "Sid": "some_id_s5",
        "Effect": "Allow",
        "Action": [
            "s3:*"
        ],
        "Resource": [
            "arn:aws:s3:::bucketname/*"
        ]
    }
  ]
}

What should I update to be able to execute copy and ls successfully?


1 Answer

Solution:

I think you have given permission to perform commands on objects inside the S3 bucket only, but you have not given permission to perform any actions on the bucket itself. So please update your policy to be the following:

I have slightly updated your policy as below:

{
  "Version": "version_id_s5",
  "Statement": [
    {
        "Sid": "some_id_s5",
        "Effect": "Allow",
        "Action": [
            "s3:*"
        ],
        "Resource": [
            "arn:aws:s3:::bucketname",
            "arn:aws:s3:::bucketname/*"
        ]
    }
  ]
}

But the above update gives more permissions than needed. Following the AWS IAM best practice of granting least privilege, the policy would be as follows:

{
  "Version": "2012-10-17",
  "Statement": [
      {
          "Effect": "Allow",
          "Action": [
              "s3:ListBucket"
          ],
          "Resource": [
              "arn:aws:s3:::bucketname"
          ]
      },
      {
          "Effect": "Allow",
          "Action": [
              "s3:GetObject"
          ],
          "Resource": [
              "arn:aws:s3:::bucketname/*"
          ]
      }
  ]
}

This will resolve your issue.

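The three policies above can be compared offline with a small evaluator. This is an added example, not code from the question or the answer: it is a simplified model that checks Allow statements only (no Deny, NotAction or Condition handling), it uses the real `s3` service prefix and the policy version string `2012-10-17`, and the object key is a constructed sample. The ListObjects call in the error message is authorized by the `s3:ListBucket` action on the bucket ARN.

```python
import re

def _match(pattern, value, ignore_case=False):
    # IAM wildcards: '*' matches any run of characters, '?' exactly one.
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                 for c in pattern)
    return re.fullmatch(rx, value, re.I if ignore_case else 0) is not None

def _as_list(v):
    return v if isinstance(v, list) else [v]

def is_allowed(policy, action, resource):
    """True if one Allow statement matches both the action and the resource ARN."""
    for st in _as_list(policy["Statement"]):
        if st.get("Effect") != "Allow":
            continue
        # Action names are case-insensitive in IAM; resource ARNs are not.
        if (any(_match(a, action, ignore_case=True) for a in _as_list(st["Action"]))
                and any(_match(r, resource) for r in _as_list(st["Resource"]))):
            return True
    return False  # nothing matched: implicit deny

def policy(*statements):
    # Helper (hypothetical) that builds a policy from (actions, resources) pairs.
    return {"Version": "2012-10-17",
            "Statement": [{"Effect": "Allow", "Action": a, "Resource": r}
                          for a, r in statements]}

BUCKET = "arn:aws:s3:::bucketname"
ORIGINAL = policy((["s3:*"], [BUCKET + "/*"]))
BROAD_FIX = policy((["s3:*"], [BUCKET, BUCKET + "/*"]))
LEAST_PRIVILEGE = policy((["s3:ListBucket"], [BUCKET]),
                         (["s3:GetObject"], [BUCKET + "/*"]))

# What a recursive download needs: list the bucket, then fetch each key.
REQUESTS = [("s3:ListBucket", BUCKET),
            ("s3:GetObject", BUCKET + "/data/all-data/part-0001.csv")]

def denied(p, requests=REQUESTS):
    return [action for action, arn in requests if not is_allowed(p, action, arn)]

if __name__ == "__main__":
    for name, p in [("original", ORIGINAL), ("broad fix", BROAD_FIX),
                    ("least privilege", LEAST_PRIVILEGE)]:
        print(f"{name:16} denied: {denied(p) or 'nothing'}")
```

The original policy fails only on the listing step because `bucketname/*` never matches the bare bucket ARN, and the least-privilege policy still refuses writes and deletes that the `s3:*` version would allow.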
