[Cyberduck-trac] [Cyberduck] #9741: Unable to download resources with IAM secruity
Cyberduck
trac at trac.cyberduck.io
Tue Oct 25 20:14:53 UTC 2016
#9741: Unable to download resources with IAM secruity
--------------------------------+----------------------------
Reporter: paul.christmann | Owner:
Type: defect | Status: new
Priority: normal | Milestone:
Component: s3 | Version:
Severity: blocker | Keywords:
Architecture: | Platform: Mac OS X 10.10
--------------------------------+----------------------------
After upgrading to 5.2.0.21327 build, I was unable to download resources
secured by IAM policies (though I was able to list objects as expected).
I reverted to build 5.1.3.20962 and the downloads worked correctly. I
also verified the ability to download via command line tools.
We use IAM policies to secure access to resources by prefix within our
buckets. For example, we have a policy like this:
{{{
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [ "s3:ListBucket"],
"Effect": "Allow",
"Resource": ["arn:aws:s3:::obfuscated"],
"Condition": { "StringLike": { "s3:prefix":
["more/obfuscation/*"]}}
},
{
"Effect": "Allow",
"Action": ["s3:*"],
"Resource": ["arn:aws:s3:::obfuscated/more/obfuscation/*"]
}
]
}
}}}
What I end up seeing in the logs suggests it might be the acceleration
support added in this build:
{{{
GET /?accelerate HTTP/1.1
Date: Tue, 25 Oct 2016 19:45:09 GMT
x-amz-request-payer: requester
x-amz-content-sha256: XXX
Host: obfuscated.s3.amazonaws.com
x-amz-date: 20161025T194509Z
Authorization:
******************************************************************************************************************************************************************************************************************************************
Connection: Keep-Alive
User-Agent: Cyberduck/5.2.0.21317 (Mac OS X/10.10.5) (x86_64)
HTTP/1.1 403 Forbidden
x-amz-request-id: XXXX
x-amz-id-2: XXXX
Content-Type: application/xml
Transfer-Encoding: chunked
Date: Tue, 25 Oct 2016 19:45:10 GMT
Server: AmazonS3
}}}
--
Ticket URL: <https://trac.cyberduck.io/ticket/9741>
Cyberduck <https://cyberduck.io>
Libre FTP, SFTP, WebDAV, S3 & OpenStack Swift browser for Mac and Windows
More information about the Cyberduck-trac
mailing list