2 Answers
- Newest
- Most votes
- Most comments
2
Probably the IAM policy has problem. Would you modify as below?
before
PolicyDocument:
Statement:
- Effect: Allow
Action:
- s3:List
- s3:GetObject
- s3:GetObjectAcl
- s3:ListObjectsV2
- s3:PutObjectAcl
- s3:PutObject
- s3:ListObjects
Resource: "arn:aws:s3:::sc-xxxxxxxxxxxxxxx-pp-o7dyvm3xd-configurestorebucket-4vtqanfcbcl0"
after
PolicyDocument:
Statement:
- Effect: Allow
Action:
- s3:ListBucket
- s3:GetObject
- s3:GetObjectAcl
- s3:PutObjectAcl
- s3:PutObject
Resource:
- "arn:aws:s3:::sc-xxxxxxxxxxxxxxx-pp-o7dyvm3xd-configurestorebucket-4vtqanfcbcl0"
- "arn:aws:s3:::sc-xxxxxxxxxxxxxxx-pp-o7dyvm3xd-configurestorebucket-4vtqanfcbcl0/*"
It's complicated, but there is not ListObjects
in S3 actions and ListBucket
is the corresponding action.
Resources for GetObject
have to specify objects, not a bucket.
answered a year ago
1
Your IAM policy allows access to the bucket but not to the objects in the bucket. You'll need to add an additional resource which is "arn:aws:s3:::sc-xxxxxxxxxxxxxxx-pp-o7dyvm3xd-configurestorebucket-4vtqanfcbcl0/*"
This blog post may also assist here.
Relevant content
- asked 2 months ago
- Accepted Answerasked a year ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 2 months ago
- AWS OFFICIALUpdated 3 years ago
- AWS OFFICIALUpdated 2 years ago