2 Answers
3
There could be a mismatch somewhere, run `aws configure list` to show the actual credentials that you are using in the AWS CLI right now, and verify that the (partially obscured) `access_key` and `secret_key` are those that you expect to be using.
1
Run the following command to make sure you are the principal you think you are.
aws sts get-caller-identity
If that is correct, check to see if there is a bucket policy on the bucket that might be denying your request.
Thank you for your answer on this. I ran: `aws configure list` and the `access_key` and `secret_key` are what I'm expecting the CLI to use. When I run: `aws s3 ls` (using the root account's access key), the buckets are returned without an issue. Don't understand why I'm not able to do the same with the IAM User with admin permissions.

As the root user, `aws iam list-attached-user-policies --user-name [the_iam_user]` and confirm it's definitely got `"PolicyName": "AdministratorAccess"` and `"PolicyArn": "arn:aws:iam::aws:policy/AdministratorAccess"`. And also as the root user, `aws iam list-access-keys --user-name [the_iam_user]` the `AccessKeyId` is definitely what you expect it to be, and its status is `Active`?

You were right on the money. After running `aws iam list-attached-user-policies --user-name [the_iam_user]`, I noticed `AdministratorAccess` was not one of the policies attached to the IAM user. I was attaching the policies from a group, for some reason the user didn't inherit the permissions of the group. I added the policy directly to the IAM user and that resolved the issue. Thanks a lot for your help.