Renaming object in S3 console fails if ListAllMyBuckets permission is not provided

Hi, I have had a problem with a user not being able to rename an S3 object through the AWS console, despite having all the permissions over the bucket and the bucket objects. The associated IAM policy for the user is this:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "s3:*"
      ],
      "Resource": [
        "arn:aws:s3:::s3-bucket-name",
        "arn:aws:s3:::s3-bucket-name/*"
      ]
    },
    {
      "Sid": "VisualEditor3",
      "Effect": "Allow",
      "Action": "s3:ListBucket",
      "Resource": "arn:aws:s3:::s3-bucket-name"
    }
  ]
}
```

When the user tries to rename a file in the S3 bucket, the console complains about the *s3:PutObject* permission, which is granted, and the user sees an "Access denied" error in the AWS console.

![Access denied when renaming S3 object](https://repost.aws/media/postImages/original/IMX4V3P7N4TxiGZDcqeKXZPg)

The weirdest thing of all is that the problem is solved by adding the *ListAllMyBuckets* permission, and once added to the user's IAM policy, the user is able to rename objects without a problem. This behavior is also documented on StackOverflow, in [this](https://stackoverflow.com/questions/33926553/aws-rename-permissions/63348973#63348973) and [this](https://stackoverflow.com/questions/42984344/renaming-object-from-in-aws-s3-console-with-iam-user/42996548#42996548) answers. In addition, a StackOverflow user comments that this operation only fails through the AWS console, and that it works using the CLI.

To me, fixing it through adding the *ListAllMyBuckets* permission doesn't make any sense, and allows the user to see other bucket names.
0 answers, 0 votes, 7 views, asked 6 hours ago
