[Cyberduck-trac] [Cyberduck] #9063: Error Deleting File from S3 bucket when using restricted access IAM user

Cyberduck trac at trac.cyberduck.io
Tue Oct 20 13:03:20 UTC 2015 

#9063: Error Deleting File from S3 bucket when using restricted access IAM user
-------------------------+--------------------------------
    Reporter:  jjspierx  |      Owner:  jjspierx
        Type:  defect    |     Status:  new
    Priority:  normal    |  Milestone:
   Component:  s3        |    Version:  4.7.2
    Severity:  normal    |   Keywords:  S3, Delete, Failed
Architecture:  Intel     |   Platform:  Windows 7
-------------------------+--------------------------------
 The error is: "Upload FileName failed. Access Denied, Please contact your
 web hosting service provider for assistance."

 It is odd that the error is Upload failed, while I am attempting to delete
 a file from S3.  If I hit refresh after receiving the error, the file is
 gone, so the file delete operation is successful, and the error is
 occuring after the delete.

 This error does not occur when using an IAM user with full S3 access.  The
 error only happens using IAM users that are restricted to a particular
 bucket.  I have an IAM policy set up to allow GET/PUT/DELETE object access
 to a specific bucket, and the error only occurs when logged into S3 via
 Cyberduck using a user with that IAM policy.  Looking at the Log Drawer
 below, it looks like the first request to S3 is a DELETE, which appears to
 work just fine.  After the delete, a GET is requested which receives a 403
 forbidden response.


 {{{
 DELETE /McCarthy%20CEO.pdf HTTP/1.1
 Date: Tue, 20 Oct 2015 12:47:14 GMT
 Authorization: AWS redacted:redacted
 Host: redacted.s3.amazonaws.com:443
 Connection: Keep-Alive
 User-Agent: Cyberduck/4.7.2.18004 (Windows 7/6.1) (x86)
 HTTP/1.1 204 No Content
 x-amz-id-2: redacted
 x-amz-request-id: A6174417D5AB8F2E
 Date: Tue, 20 Oct 2015 12:47:09 GMT
 Server: AmazonS3
 GET /?prefix=McCarthy%20CEO.pdf&uploads HTTP/1.1
 Date: Tue, 20 Oct 2015 12:47:14 GMT
 x-amz-request-payer: requester
 Authorization: AWS redacted
 Host: expressmr.s3.amazonaws.com:443
 Connection: Keep-Alive
 User-Agent: Cyberduck/4.7.2.18004 (Windows 7/6.1) (x86)
 HTTP/1.1 403 Forbidden
 x-amz-request-id: 8DC431F02DCA5DA7
 x-amz-id-2:
 A1nyJ2AF47eDRWzNr0lCWTL3+tPhO8twodaP/KztJL/0e4BIpXjiemsp/TFit6st/pqshMKe4ko=
 Content-Type: application/xml
 Transfer-Encoding: chunked
 Date: Tue, 20 Oct 2015 12:47:07 GMT

 }}}

-- 
Ticket URL: <https://trac.cyberduck.io/ticket/9063>
Cyberduck <https://cyberduck.io>
Libre FTP, SFTP, WebDAV, S3 & OpenStack Swift browser for Mac and Windows

More information about the Cyberduck-trac mailing list