Renaming object in S3 console fails if ListAllMyBuckets permission is not provided


Hi,

I have had a problem with a user not being able to rename an S3 object through the AWS console, despite having all the permissions over the bucket and the bucket objects.

The associated IAM policy for the user is this:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "s3:*"
            ],
            "Resource": [
                "arn:aws:s3:::s3-bucket-name",
                "arn:aws:s3:::s3-bucket-name/*"
            ]
        },
        {
            "Sid": "VisualEditor3",
            "Effect": "Allow",
            "Action": "s3:ListBucket",
            "Resource": "arn:aws:s3:::s3-bucket-name"
        }
    ]
}

When the user tries to rename a file in the S3 bucket, the console complains about the s3:PutObject permission, which is granted, and the user sees an "Access denied" error in the AWS console.

[Image: Access denied when renaming S3 object]

The weirdest thing of all is that the problem is solved by adding the ListAllMyBuckets permission; once it is added to the user's IAM policy, the user is able to rename objects without a problem.

This behavior is also documented on StackOverflow, in this answer and this answer.

In addition, a StackOverflow user comments that this operation only fails through the AWS console, and that it works using the CLI. To me, fixing it by adding the ListAllMyBuckets permission doesn't make any sense, and it allows the user to see other bucket names.
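The post says the rename works from the CLI with the same policy. S3 has no rename API; a "rename" (in the console as well as in the CLI and SDKs) is a CopyObject to the new key followed by a DeleteObject of the old key. The following is an added example, not code from the original post or from AWS, that performs the rename through that API path so the permissions it actually needs can be compared against the policy above. The bucket name is the one from the question; the object keys, the `rename_object` helper and the in-memory `FakeS3` stand-in (constructed so the code runs offline) are assumptions for illustration. Against a real bucket, pass a `boto3.client("s3")` instead of `FakeS3`.

```python
"""Added example (not from the original post): rename an S3 object the way the
CLI/SDK path does it, as CopyObject + DeleteObject, and record which API calls
(and therefore which IAM actions) the operation needs."""

# Bucket name taken from the question; object keys below are assumptions.
BUCKET = "s3-bucket-name"


def rename_object(s3, bucket, src_key, dst_key):
    """Rename src_key to dst_key inside one bucket.

    Works with a real boto3 S3 client or any object exposing the same three
    methods.  Permissions exercised (none of them s3:ListAllMyBuckets):
      - s3:GetObject    on arn:aws:s3:::<bucket>/<src_key>   (CopyObject source)
      - s3:PutObject    on arn:aws:s3:::<bucket>/<dst_key>   (CopyObject destination)
      - s3:DeleteObject on arn:aws:s3:::<bucket>/<src_key>
    All three are covered by "s3:*" on arn:aws:s3:::<bucket>/* as in the
    policy quoted in the question.
    """
    if src_key == dst_key:
        raise ValueError("source and destination keys are identical")
    s3.copy_object(Bucket=bucket, Key=dst_key,
                   CopySource={"Bucket": bucket, "Key": src_key})
    # Confirm the copy landed before destroying the original: a failed copy
    # must never turn a rename into a silent delete.
    s3.head_object(Bucket=bucket, Key=dst_key)
    s3.delete_object(Bucket=bucket, Key=src_key)
    return dst_key


class FakeS3:
    """Constructed in-memory stand-in for a boto3 S3 client (offline use only).

    A real client raises botocore ClientError (NoSuchKey / 404) where this
    stand-in raises KeyError; the control flow in rename_object is the same.
    """

    def __init__(self, objects):
        self.objects = dict(objects)   # key -> bytes
        self.calls = []                # API operations in the order issued

    def copy_object(self, Bucket, Key, CopySource):
        self.calls.append("CopyObject")
        src = CopySource["Key"]
        if src not in self.objects:
            raise KeyError(f"NoSuchKey: {src}")
        self.objects[Key] = self.objects[src]

    def head_object(self, Bucket, Key):
        self.calls.append("HeadObject")
        if Key not in self.objects:
            raise KeyError(f"NoSuchKey: {Key}")
        return {"ContentLength": len(self.objects[Key])}

    def delete_object(self, Bucket, Key):
        self.calls.append("DeleteObject")
        self.objects.pop(Key, None)


def demo():
    """Rename one constructed object and return the client for inspection."""
    s3 = FakeS3({"reports/old-name.csv": b"id,value\n1,2\n"})
    rename_object(s3, BUCKET, "reports/old-name.csv", "reports/new-name.csv")
    return s3


if __name__ == "__main__":
    # For a real bucket: import boto3; s3 = boto3.client("s3"); rename_object(s3, ...)
    client = demo()
    print(sorted(client.objects), client.calls)
```

The recorded call sequence is the complete set of S3 operations the rename issues, which is the list to check a policy against (for example with CloudTrail or the IAM policy simulator) when the console and the CLI disagree.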

No answers
