Using s3cmd the policy below allows me to ListAllBuckets like this :
s3cmd ls
and ListBucket like this :
s3cmd ls s3://backups/
but I cannot upload a file like this :
s3cmd put filename s3://backups/
I just get this error :
ERROR: S3 error: Access Denied
The policy is based on searching and many examples on the web, but I just cannot see where it's going wrong. The policy is to allow a user to just upload files to a backup directory (ultimately I don't even what them to list the buckets but I put that in just to check the policy was in fact being read at all).
Other possibly relevant info -
- I created the bucket using Dragon Disk (a front end for S3) with a different user
- This new IAM user is connected to the policy by belonging to a group that has the policy attached.
Here's the policy, note that the CreateObject and PutObject were the only two original entries, the others were added almost just to see what happened :
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListAllMyBuckets",
"s3:ListBucket"
],
"Resource": "arn:aws:s3:::*"
},
{
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:PutObjectAcl",
"s3:PutObjectVersionAcl",
"s3:CreateObject",
"s3:*"
],
"Resource": "arn:aws:s3:::backups/*"
}
]
}
Aucun commentaire:
Enregistrer un commentaire