Hello,
Greetings of the day,
I understand that you are trying to access an S3 bucket in account A from the IAM role in account B and are facing an access denied error while running the 'aws s3 ls' command via the CLI.
Please note that s3 ls is a bucket-level operation, and hence we need to provide bucket-level permission to the IAM role in both the IAM policy and the bucket policy, as this is a cross-account scenario.
Looking into the policies which you have shared, I can see that the IAM policy is granting bucket-level permission on the S3 bucket. However, the bucket policy is granting only object-level permission to the IAM role. When the request to the S3 bucket is made from an IAM role in a different account, both the IAM policy and the bucket policy should grant the permissions.
As the bucket policy was not allowing the IAM role to perform bucket-level operations, you were facing the access denied error. In order to resolve the access denied error, the bucket policy should allow the IAM role to perform bucket-level operations.
I am happy that you were able to resolve this issue now by following the AWS documentation. Let us know if you still face any issues.
Thank you!!
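
Added example, not part of the original answer and not AWS code: a simplified Python check of the cross-account rule described above, run against constructed policies in which the bucket policy grants only object-level access and then also `s3:ListBucket` on the bucket ARN. The role ARN, account ID and bucket name are assumptions, and the matcher ignores Deny, Condition and Not* elements.

```python
import fnmatch

# Constructed sample values; the thread's real policies are not shown on the page.
ROLE = "arn:aws:iam::222222222222:role/ExampleRole"   # role in account B
BUCKET = "arn:aws:s3:::example-bucket"                # bucket in account A

def as_list(value):
    return value if isinstance(value, list) else [value]

def allows(policy, action, resource, principal=None):
    """True if an Allow statement matches. Simplified: no Deny, Condition, Not*."""
    for st in as_list(policy["Statement"]):
        if st.get("Effect") != "Allow":
            continue
        if principal is not None:
            p = st.get("Principal")
            named = as_list(p.get("AWS", [])) if isinstance(p, dict) else [p]
            if principal not in named and "*" not in named:
                continue
        actions = [a.lower() for a in as_list(st["Action"])]
        if not any(fnmatch.fnmatchcase(action.lower(), a) for a in actions):
            continue
        if any(fnmatch.fnmatchcase(resource, r) for r in as_list(st["Resource"])):
            return True
    return False

def cross_account_allowed(iam_policy, bucket_policy, action, resource):
    # Cross-account: the caller's IAM policy AND the bucket policy must both allow.
    return (allows(iam_policy, action, resource)
            and allows(bucket_policy, action, resource, principal=ROLE))

def stmt(action, resource, principal=None):
    s = {"Effect": "Allow", "Action": action, "Resource": resource}
    if principal:
        s["Principal"] = {"AWS": principal}
    return s

IAM_POLICY = {"Statement": [stmt("s3:ListBucket", BUCKET),
                            stmt("s3:GetObject", BUCKET + "/*")]}
# Before: object-level grant only, so listing the bucket is denied.
BUCKET_POLICY_BEFORE = {"Statement": [stmt("s3:GetObject", BUCKET + "/*", ROLE)]}
# After: bucket-level grant on the bucket ARN itself (no "/*").
BUCKET_POLICY_AFTER = {"Statement": BUCKET_POLICY_BEFORE["Statement"]
                       + [stmt("s3:ListBucket", BUCKET, ROLE)]}

if __name__ == "__main__":
    for name, bp in (("before", BUCKET_POLICY_BEFORE), ("after", BUCKET_POLICY_AFTER)):
        print(name, cross_account_allowed(IAM_POLICY, bp, "s3:ListBucket", BUCKET))
```

The object-level resource pattern `arn:aws:s3:::example-bucket/*` never matches the bucket ARN itself, which is why the "before" policy fails for listing while `s3:GetObject` on a key still succeeds.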