Specific user keeps getting access denied

0

Hi,

I'm hoping to get some help with troubleshooting this. I setup a transfer family SFTP server and was able to connect and transfer files via Cyberduck without any issues. I setup a user for my coworker and he also is able to connect successfully. However, when creating this third user, we keep getting "Listing directory / failed. Access denied." The same role and policy is applied to this user. I checked the log and it seems to connect but then immediately gets "Access denied." I asked this user to send me their key pair and I can connect perfectly using their username but for whatever odd reason, they keep getting "Access denied" on their laptop.

Here's the policy:

{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetBucketLocation"
],
"Resource": "arn:aws:s3:::people-ops-pyn"
},
{
"Sid": "VisualEditor1",
"Effect": "Allow",
"Action": "s3:ListAllMyBuckets",
"Resource": ""
},
{
"Sid": "VisualEditor2",
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:DeleteObjectVersion",
"s3:DeleteObject",
"s3:GetObjectVersion"
],
"Resource": "arn:aws:s3:::people-ops-pyn/
"
}
]
}

Here's the trust relationship policy:

{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Principal": {
"Service": [
"transfer.amazonaws.com",
"s3.amazonaws.com"
]
},
"Action": "sts:AssumeRole"
}
]
}

Edited by: calfun on Jun 23, 2021 3:08 PM

calfun
質問済み 3年前545ビュー
1回答
0

Disregard! I overlooked the fact that the user had a specific policy scoped to them. Once I set it to none, it inherited the role policy and was able to connect.

calfun
回答済み 3年前

ログインしていません。 ログイン 回答を投稿する。

優れた回答とは、質問に明確に答え、建設的なフィードバックを提供し、質問者の専門分野におけるスキルの向上を促すものです。

質問に答えるためのガイドライン

関連するコンテンツ