[Cyberduck-trac] [Cyberduck] #6952: S3 restricted folder access denied permissions
Cyberduck
trac at trac.cyberduck.ch
Thu Nov 8 07:00:56 CET 2012
#6952: S3 restricted folder access denied permissions
-----------------------+---------------------------
Reporter: detail | Owner:
Type: defect | Status: new
Priority: normal | Milestone:
Component: core | Version: 4.2.1
Severity: normal | Keywords:
Architecture: Intel | Platform: Mac OS X 10.7
-----------------------+---------------------------
I have been playing with the IAM permissions forever now and read
everything I possibly can.
I am starting to wonder if it is something to do with Cyberduck possibly
from what I read on another S3 browser software site, which is OK. But I
just need to verify what's going on, and any help is sooo much
appreciated.
I get the following error when trying to create a folder or upload a file:
S3 Error: Cannot create folder test
S3 Error Message. Forbidden. Access Denied.
I have the the path when I login to S3 set to:
/bucket/site/wp-content/themes/
That works and I get a listing of all folders and file in there. But when
I try to upload or download anything in there I get the error above.
Here is my current IAM permissions:
{
"Statement": [
{
"Sid":
"AllowGroupToSeeBucketListAndAlsoAllowGetBucketLocationRequiredForListBucket",
"Action": [
"s3:ListAllMyBuckets",
"s3:GetBucketLocation",
"s3:ListBucket",
"s3:ListBucketMultipartUploads"
],
"Effect": "Allow",
"Resource": [ "arn:aws:s3:::*" ]
},
{
"Sid": "AllowRootLevelListingOfCompanyBucket",
"Action": [
"s3:DeleteObject",
"s3:ListBucket",
"s3:PutObject",
"s3:GetObject",
"s3:GetBucketLocation",
"s3:ListMultipartUploadParts"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::bucket",
"arn:aws:s3:::bucket/*"
],
"Condition":{
"StringLike":{
"s3:prefix":"site/wp-content/themes",
"s3:prefix":"site/wp-content/themes/*"
}
}
}
]
}
Please any help fixing the permissions or letting me know it's a known
issue when trying to only give access to a specific location with
Cyberduck would help.
I just want to let these users in this IAM group have access to
download/upload/delete files in the following location only:
/bucket/site/wp-content/themes/*
Thank you again everyone for taking the time to read this. :)
--
Ticket URL: <http://trac.cyberduck.ch/ticket/6952>
Cyberduck <http://cyberduck.ch>
Open source FTP, SFTP, WebDAV, Cloud Files, Google Docs & Amazon S3 Browser for Mac & Windows.
More information about the Cyberduck-trac
mailing list