[Cyberduck-trac] [Cyberduck] #5731: Access for IAM users
Cyberduck
trac at trac.cyberduck.ch
Mon Feb 28 19:50:42 CET 2011
#5731: Access for IAM users
---------------------------+-------------------------
Reporter: tedp | Owner:
Type: defect | Status: reopened
Priority: normal | Milestone: 4.0
Component: s3 | Version: 3.8.1
Severity: normal | Resolution:
Keywords: S3 AIM | Architecture: Intel
Platform: Mac OS X 10.6 |
---------------------------+-------------------------
Comment (by tedp):
Replying to [comment:4 dkocher]:
> Can you paste the policy including the resource restriction you are
using?
{
"Statement": [
{
"Effect": "Allow",
"Action": "s3:*",
"Resource": "arn:aws:s3:::bucketname/foldername/*",
"Condition": {}
}
]
}
{
"Statement": [
{
"Effect": "Allow",
"Action": "s3:ListBucket",
"Resource": "arn:aws:s3:::*",
"Condition": {
"StringLike": {
"s3:prefix": "foldername/*"
}
}
}
]
}
Please note that if we add the following policy, it works, but the user
sees a list of all our buckets:
{
"Statement": [
{
"Effect": "Allow",
"Action": "s3:ListAllMyBuckets",
"Resource": "arn:aws:s3:::",
"Condition": {}
}
]
}
Thanks for the quick follow up.
--
Ticket URL: <http://trac.cyberduck.ch/ticket/5731#comment:5>
Cyberduck <http://cyberduck.ch>
Open source FTP, SFTP, WebDAV, Cloud Files, Google Docs & Amazon S3 Browser for Mac & Windows.
More information about the Cyberduck-trac
mailing list