[Cyberduck-trac] [Cyberduck] #6952: S3 restricted folder access denied permissions
Cyberduck
trac at trac.cyberduck.ch
Sun Nov 25 14:23:34 CET 2012
#6952: S3 restricted folder access denied permissions
---------------------------+------------------------
Reporter: detail | Owner: dkocher
Type: defect | Status: new
Priority: normal | Milestone:
Component: s3 | Version: 4.2.1
Severity: normal | Resolution:
Keywords: | Architecture: Intel
Platform: Mac OS X 10.7 |
---------------------------+------------------------
Changes (by dkocher):
* owner: => dkocher
* component: core => s3
Old description:
> I have been playing with the IAM permissions forever now and read
> everything I possibly can.
>
> I am starting to wonder if it is something to do with Cyberduck possibly
> from what I read on another S3 browser software site, which is OK. But I
> just need to verify what's going on, and any help is sooo much
> appreciated.
>
> I get the following error when trying to create a folder or upload a
> file:
> S3 Error: Cannot create folder test
> S3 Error Message. Forbidden. Access Denied.
>
> I have the the path when I login to S3 set to:
> /bucket/site/wp-content/themes/
>
> That works and I get a listing of all folders and file in there. But
> when I try to upload or download anything in there I get the error
> above.
>
> Here is my current IAM permissions:
>
> {
> "Statement": [
> {
> "Sid":
> "AllowGroupToSeeBucketListAndAlsoAllowGetBucketLocationRequiredForListBucket",
> "Action": [
> "s3:ListAllMyBuckets",
> "s3:GetBucketLocation",
> "s3:ListBucket",
> "s3:ListBucketMultipartUploads"
> ],
> "Effect": "Allow",
> "Resource": [ "arn:aws:s3:::*" ]
> },
> {
> "Sid": "AllowRootLevelListingOfCompanyBucket",
> "Action": [
> "s3:DeleteObject",
> "s3:ListBucket",
> "s3:PutObject",
> "s3:GetObject",
> "s3:GetBucketLocation",
> "s3:ListMultipartUploadParts"
> ],
> "Effect": "Allow",
> "Resource": [
> "arn:aws:s3:::bucket",
> "arn:aws:s3:::bucket/*"
> ],
> "Condition":{
> "StringLike":{
> "s3:prefix":"site/wp-content/themes",
> "s3:prefix":"site/wp-content/themes/*"
> }
> }
> }
> ]
> }
>
> Please any help fixing the permissions or letting me know it's a known
> issue when trying to only give access to a specific location with
> Cyberduck would help.
>
> I just want to let these users in this IAM group have access to
> download/upload/delete files in the following location only:
> /bucket/site/wp-content/themes/*
>
> Thank you again everyone for taking the time to read this. :)
New description:
I have been playing with the IAM permissions forever now and read
everything I possibly can.
I am starting to wonder if it is something to do with Cyberduck possibly
from what I read on another S3 browser software site, which is OK. But I
just need to verify what's going on, and any help is sooo much
appreciated.
I get the following error when trying to create a folder or upload a file:
{{{
S3 Error: Cannot create folder test
S3 Error Message. Forbidden. Access Denied.
}}}
I have the the path when I login to S3 set to: `/bucket/site/wp-
content/themes/`
That works and I get a listing of all folders and file in there. But when
I try to upload or download anything in there I get the error above.
Here is my current IAM permissions:
{{{
{
"Statement": [
{
"Sid":
"AllowGroupToSeeBucketListAndAlsoAllowGetBucketLocationRequiredForListBucket",
"Action": [
"s3:ListAllMyBuckets",
"s3:GetBucketLocation",
"s3:ListBucket",
"s3:ListBucketMultipartUploads"
],
"Effect": "Allow",
"Resource": [ "arn:aws:s3:::*" ]
},
{
"Sid": "AllowRootLevelListingOfCompanyBucket",
"Action": [
"s3:DeleteObject",
"s3:ListBucket",
"s3:PutObject",
"s3:GetObject",
"s3:GetBucketLocation",
"s3:ListMultipartUploadParts"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::bucket",
"arn:aws:s3:::bucket/*"
],
"Condition":{
"StringLike":{
"s3:prefix":"site/wp-content/themes",
"s3:prefix":"site/wp-content/themes/*"
}
}
}
]
}
}}}
Please any help fixing the permissions or letting me know it's a known
issue when trying to only give access to a specific location with
Cyberduck would help.
I just want to let these users in this IAM group have access to
download/upload/delete files in the following location only:
/bucket/site/wp-content/themes/*
Thank you again everyone for taking the time to read this. :)
--
--
Ticket URL: <http://trac.cyberduck.ch/ticket/6952#comment:1>
Cyberduck <http://cyberduck.ch>
Open source FTP, SFTP, WebDAV, Cloud Files, Google Docs & Amazon S3 Browser for Mac & Windows.
More information about the Cyberduck-trac
mailing list