Specific user keeps getting access denied

0

Hi,

I'm hoping to get some help with troubleshooting this. I set up a Transfer Family SFTP server and was able to connect and transfer files via Cyberduck without any issues. I set up a user for my coworker and he is also able to connect successfully. However, when creating this third user, we keep getting "Listing directory / failed. Access denied." The same role and policy are applied to this user. I checked the log and it seems to connect but then immediately gets "Access denied." I asked this user to send me their key pair and I can connect perfectly using their username but for whatever odd reason, they keep getting "Access denied" on their laptop.

Here's the policy:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "s3:ListBucket",
        "s3:GetBucketLocation"
      ],
      "Resource": "arn:aws:s3:::people-ops-pyn"
    },
    {
      "Sid": "VisualEditor1",
      "Effect": "Allow",
      "Action": "s3:ListAllMyBuckets",
      "Resource": "*"
    },
    {
      "Sid": "VisualEditor2",
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:DeleteObjectVersion",
        "s3:DeleteObject",
        "s3:GetObjectVersion"
      ],
      "Resource": "arn:aws:s3:::people-ops-pyn/*"
    }
  ]
}

Here's the trust relationship policy:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "Service": [
          "transfer.amazonaws.com",
          "s3.amazonaws.com"
        ]
      },
      "Action": "sts:AssumeRole"
    }
  ]
}

Edited by: calfun on Jun 23, 2021 3:08 PM

calfun
asked 3 years ago, 523 views
1 Answer
0

Disregard! I overlooked the fact that the user had a specific policy scoped to them. Once I set it to none, it inherited the role policy and was able to connect.

calfun
answered 3 years ago
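
Added example (not part of the original thread): a per-user policy on a Transfer Family user is applied as a session policy, so the user's effective permissions are the intersection of the role policy and that per-user policy. The sketch below evaluates that intersection for the role policy from the question; `USER_POLICY` is constructed for illustration (the thread never shows the real one), the evaluator handles only `Effect`/`Action`/`Resource`, and it assumes listing `/` needs `s3:ListBucket` on the bucket.

```python
import re

# Role policy from the question.
ROLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:ListBucket", "s3:GetBucketLocation"],
     "Resource": "arn:aws:s3:::people-ops-pyn"},
    {"Effect": "Allow", "Action": "s3:ListAllMyBuckets", "Resource": "*"},
    {"Effect": "Allow",
     "Action": ["s3:PutObject", "s3:GetObject", "s3:DeleteObjectVersion",
                "s3:DeleteObject", "s3:GetObjectVersion"],
     "Resource": "arn:aws:s3:::people-ops-pyn/*"},
]}

# Constructed per-user policy: object access only, no s3:ListBucket.
USER_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"],
     "Resource": "arn:aws:s3:::people-ops-pyn/*"},
]}

BUCKET = "arn:aws:s3:::people-ops-pyn"

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _glob(pattern, value, flags=0):
    # IAM wildcards are only '*' and '?'; everything else is literal.
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, value, flags | re.DOTALL) is not None

def policy_allows(policy, action, resource):
    """True if an Allow statement matches and no Deny statement does."""
    allowed = False
    for stmt in _as_list(policy["Statement"]):
        # Action names match case-insensitively, resource ARNs do not.
        hit = (any(_glob(a, action, re.IGNORECASE) for a in _as_list(stmt["Action"]))
               and any(_glob(r, resource) for r in _as_list(stmt["Resource"])))
        if hit and stmt["Effect"] == "Deny":
            return False
        allowed = allowed or hit
    return allowed

def effective_allows(role_policy, user_policy, action, resource):
    """Role policy alone when no per-user policy is set, otherwise both must allow."""
    if not policy_allows(role_policy, action, resource):
        return False
    return user_policy is None or policy_allows(user_policy, action, resource)

if __name__ == "__main__":
    for label, user_policy in (("per-user policy", USER_POLICY), ("policy = none", None)):
        print(label, "-> list / allowed:",
              effective_allows(ROLE_POLICY, user_policy, "s3:ListBucket", BUCKET))
```

With the constructed per-user policy the listing is denied even though the role allows it, which matches the symptom in the question; with no per-user policy the role policy applies unchanged.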
