[Cyberduck-trac] [Cyberduck] #6952: S3 restricted folder access denied permissions

Cyberduck trac at trac.cyberduck.io
Tue Mar 24 20:36:03 UTC 2015

#6952: S3 restricted folder access denied permissions
 Reporter:  detail         |         Owner:  dkocher
     Type:  defect         |        Status:  reopened
 Priority:  normal         |     Milestone:
Component:  s3             |       Version:  4.2.1
 Severity:  normal         |    Resolution:
 Keywords:                 |  Architecture:  Intel
 Platform:  Mac OS X 10.7  |

Comment (by max@…):

 Here's what my policy looks like:
     "Version": "2012-10-17",
     "Statement": [
             "Action": "s3:*",
             "Effect": "Allow",
             "Resource": "arn:aws:s3:::my-bucket-name",
             "Condition": {
                 "StringLike": {
                     "s3:prefix": "path/to/folder/"
             "Action": "s3:*",
             "Effect": "Allow",
             "Resource": "arn:aws:s3:::my-bucket-name/path/to/folder/*"
 The first statement allows bucket actions on {{{folder}}} and the second
 statement allows object actions on {{{folder}}}. The result is that users
 with this policy can only read/write/list one directory in {{{my-bucket-

 Using CyberDuck, I click "Open Connection", enter my Access Key ID and
 Secret Access Key, and in "More Options", enter the path to the directory:
 {{{my-bucket-name/path/to/folder}}}. When I click "Connect", I get an

     Listing directory folder failed.[[br]]
     Access Denied: Please contact your web hosting service provider for

 My best guess is that CyberDuck attempts to list the entire bucket (as
 opposed to the one directory) and fails (since listing is restricted to
 using that prefix).

Ticket URL: <https://trac.cyberduck.io/ticket/6952#comment:5>
Cyberduck <http://cyberduck.io>
Libre FTP, SFTP, WebDAV, S3 & OpenStack Swift browser for Mac and Windows

More information about the Cyberduck-trac mailing list