[Cyberduck-trac] [Cyberduck] #6952: S3 restricted folder access denied permissions

Cyberduck trac at trac.cyberduck.ch
Thu Nov 8 07:00:56 CET 2012


#6952: S3 restricted folder access denied permissions
-----------------------+---------------------------
    Reporter:  detail  |      Owner:
        Type:  defect  |     Status:  new
    Priority:  normal  |  Milestone:
   Component:  core    |    Version:  4.2.1
    Severity:  normal  |   Keywords:
Architecture:  Intel   |   Platform:  Mac OS X 10.7
-----------------------+---------------------------
 I have been playing with the IAM permissions forever now and read
 everything I possibly can.

 I am starting to wonder if it is something to do with Cyberduck possibly
 from what I read on another S3 browser software site, which is OK.  But I
 just need to verify what's going on, and any help is sooo much
 appreciated.

 I get the following error when trying to create a folder or upload a file:
 S3 Error: Cannot create folder test
 S3 Error Message. Forbidden. Access Denied.

 I have the path when I log in to S3 set to:
 /bucket/site/wp-content/themes/

 That works and I get a listing of all folders and files in there.  But when
 I try to upload or download anything in there I get the error above.

 Here are my current IAM permissions:

 {
   "Statement": [
     {
       "Sid": "AllowGroupToSeeBucketListAndAlsoAllowGetBucketLocationRequiredForListBucket",
       "Action": [
         "s3:ListAllMyBuckets",
         "s3:GetBucketLocation",
         "s3:ListBucket",
         "s3:ListBucketMultipartUploads"
       ],
       "Effect": "Allow",
       "Resource": [ "arn:aws:s3:::*" ]
     },
     {
       "Sid": "AllowRootLevelListingOfCompanyBucket",
       "Action": [
         "s3:DeleteObject",
         "s3:ListBucket",
         "s3:PutObject",
         "s3:GetObject",
         "s3:GetBucketLocation",
         "s3:ListMultipartUploadParts"
       ],
       "Effect": "Allow",
       "Resource": [
         "arn:aws:s3:::bucket",
         "arn:aws:s3:::bucket/*"
       ],
       "Condition":{
            "StringLike":{
               "s3:prefix":"site/wp-content/themes",
               "s3:prefix":"site/wp-content/themes/*"
            }
       }
     }
   ]
 }


 Please any help fixing the permissions or letting me know it's a known
 issue when trying to only give access to a specific location with
 Cyberduck would help.

 I just want to let these users in this IAM group have access to
 download/upload/delete files in the following location only:
 /bucket/site/wp-content/themes/*

 Thank you again everyone for taking the time to read this. :)

-- 
Ticket URL: <http://trac.cyberduck.ch/ticket/6952>
Cyberduck <http://cyberduck.ch>
Open source FTP, SFTP, WebDAV, Cloud Files, Google Docs & Amazon S3 Browser for Mac & Windows.
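
Added example, not part of the ticket or of Cyberduck: a simplified Python model of IAM Allow evaluation showing why the policy above permits listing but not upload. `s3:prefix` is a request key for `s3:ListBucket` only, so a condition on it never matches `s3:PutObject` or `s3:GetObject`. The `SPLIT` policy, the `allowed` helper and the sample requests are constructed for illustration.

```python
from fnmatch import fnmatchcase  # '*' and '?' behave like IAM wildcards here

BUCKET = "arn:aws:s3:::bucket"
PREFIX = "site/wp-content/themes"
OBJECT_ACTIONS = ["s3:PutObject", "s3:GetObject", "s3:DeleteObject"]

# Second statement of the ticket's policy, reduced to the relevant parts;
# its two s3:prefix values are merged into one list.
ORIGINAL = [{
    "Action": ["s3:ListBucket"] + OBJECT_ACTIONS,
    "Resource": [BUCKET, BUCKET + "/*"],
    "Condition": {"StringLike": {"s3:prefix": [PREFIX, PREFIX + "/*"]}},
}]

# Constructed alternative: prefix condition on ListBucket only, and the
# folder restriction for object actions expressed in the resource ARN.
SPLIT = [
    {"Action": ["s3:ListBucket"], "Resource": [BUCKET],
     "Condition": {"StringLike": {"s3:prefix": [PREFIX, PREFIX + "/*"]}}},
    {"Action": OBJECT_ACTIONS, "Resource": [BUCKET + "/" + PREFIX + "/*"]},
]

def allowed(statements, action, resource, context):
    """Simplified model: Allow statements and StringLike only, no Deny."""
    for st in statements:
        if action not in st["Action"]:
            continue
        if not any(fnmatchcase(resource, r) for r in st["Resource"]):
            continue
        cond = st.get("Condition", {}).get("StringLike", {})
        # A condition on a key the request does not carry fails to match.
        if all(k in context and any(fnmatchcase(context[k], p) for p in pats)
               for k, pats in cond.items()):
            return True
    return False  # nothing allowed it: implicit deny

# Constructed requests: (action, resource ARN, request context keys).
LIST_IN = ("s3:ListBucket", BUCKET, {"s3:prefix": PREFIX + "/"})
LIST_OUT = ("s3:ListBucket", BUCKET, {"s3:prefix": "site/"})
PUT_IN = ("s3:PutObject", BUCKET + "/" + PREFIX + "/test/", {})
PUT_OUT = ("s3:PutObject", BUCKET + "/site/wp-config.php", {})

if __name__ == "__main__":
    for name, policy in (("original", ORIGINAL), ("split", SPLIT)):
        for req in (LIST_IN, LIST_OUT, PUT_IN, PUT_OUT):
            print(name, req[0], req[1], "->", allowed(policy, *req))
```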

