• Register
0 votes
1.1k views

Problem :

I am facing following error :

An error occurred (AccessDenied) when calling the ListObjects operation: Access Denied

Whenever I tried to get folder from my S5 bucket using following command :

aws s5 cp s5://bucket-name/data/all-data/ . --recursive

My IAM permissions for the bucket are as below:

{
"Version": "version_id_s5",
"Statement": [
    {
        "Sid": "some_id_s5",
        "Effect": "Allow",
        "Action": [
            "s5:*"
        ],
        "Resource": [
            "arn:aws:s5:::bucketname/*"
        ]
    }
] }

What should I update to be able to execute copy and ls successfully?

6 5 3
7,540 points

Please log in or register to answer this question.

1 Answer

0 votes

Solution :

I think you have given all the permission to perform commands on objects only inside the S5 bucket, but you have failed to give the permission to perform any actions on the bucket itself. So please Update your policy to be the following :

I have slightly updated your policy would as below:

{
  "Version": "version_id_s5",
  "Statement": [
    {
        "Sid": "some_id_s5",
        "Effect": "Allow",
        "Action": [
            "s5:*"
        ],
        "Resource": [
            "arn:aws:s5:::bucketname",
            "arn:aws:s5:::bucketname/*"
        ]
    }
  ] 
}

But above update gives more permissions than needed. So following the AWS IAM best practice of Granting Least Privilege would be as follows :

{
  "Version": "2019-12-01",
  "Statement": [
      {
          "Effect": "Allow",
          "Action": [
              "s5:ListBucket"
          ],
          "Resource": [
              "arn:aws:s5:::bucketname"
          ]
      },
      {
          "Effect": "Allow",
          "Action": [
              "s5:GetObject"
          ],
          "Resource": [
              "arn:aws:s5:::bucketname/*"
          ]
      }
  ]
}

 

This will resolve your issue.

9 7 4
38,600 points

Related questions

0 votes
1 answer 11 views
11 views
Problem: I'd like to make it so that an IAM user can download files from an S3 bucket but I'm getting access denied when executing aws s3 sync s3://<bucket_name> . I have tried various things, but not to avail. Some steps that I did: Created a user called s3-full- ... am not even able to make it public, and it leads to error. Update: I updated the bucket policy as follows, but it doesn't work.
asked Apr 26 sumaiya simi 43.9k points
0 votes
1 answer 914 views
914 views
Problem : I have coded one example for how to grant the user access to just one bucket. After that I tested the config using my W3 Total Cache Wordpress plugin. However my test failed. I also tried by reproducing the issue using below command : aws s3 cp ... /my-bucket/test.txt A client error (AccessDenied) occurred when calling the PutObject operation: Access Denied How can I upload to my bucket?
asked Dec 10, 2019 alecxe 7.5k points
0 votes
1 answer 2.6K views
2.6K views
Problem : I want to setup the Amazon Linux AMI(ami-f0091d91) also I have the script that runs a copy command to copy from the S3 bucket as follows: aws --debug s3 cp s3://aws-codedeploy-us-west-2/latest/codedeploy-agent.noarch.rpm . ... awscli.customizations.s3.s3handler - DEBUG - Exception caught during task execution: A client error (403) occurred when calling the HeadObject operation: Forbidden
asked Dec 9, 2019 alecxe 7.5k points
0 votes
1 answer 17 views
17 views
Problem: Another service operation is currently in progress.
asked Mar 22 Dan phillip 4.8k points
0 votes
1 answer 4 views
4 views
Problem: I have a website with a single quote, which I am not able to browse, and few with the same character on same domain it's getting redirected and I am able opens the URL. l'Union-Europ&eacute;enne-Dans-l'Europe/xxxxx.html when removed ... logs I could find the log with error code 403, not much information other than URI results /l%27Union-Europ%25C3%25A9enne-Dans-l%27Europe/xxxxx.html
asked Apr 26 Yeamin 21.4k points
0 votes
0 answers 248 views
248 views
Problem: I have only managed to have the elementary knowledge on AWS. Currently I am trying to download all of the available files from the s3 bucket to the local machine. I have already installed AWS cli. After that I have tried to use the aws configure to ... the ListObjectsV2 operation: The AWS Access Key Id you provided does not exist in our records. Kindly guide me in fixing above AWS error.
asked Jun 22, 2020 Raphael Pacheco 4.9k points
0 votes
1 answer 11 views
11 views
Problem: Can someone tell me why the Site domain redirecting to the URL of the amazon web services bucket?
asked Mar 10 ummesalma 29.2k points
0 votes
1 answer 153 views
153 views
Problem : I have searched on a web for over two days now, and probably have looked through most of a online documented scenarios and workarounds, but nothing realy worked for me so far. I am on a AWS SDK for PHP V2.8.7 running on PHP 5.3. I want to ... pass in the information (example: profile and including credentials in code) but nothing is working at the moment for me. Any solution on my error?
asked Jan 18, 2020 jwilliam 3.9k points
0 votes
1 answer 7 views
7 views
Problem: I am stuck with this ... Please help me that how to deal with this error? aws lambda read file from s3 node js
asked Mar 24 Ifra 34.7k points