Getting access denied error for SFTP user

0

I am getting access denied for user when WINSCP tries to list the directory structure, "Error listing directory '/.'"

I have the following policy for user

{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowListingOfUserFolder",
"Action": [
"s3:ListBucket",
"s3:GetBucketLocation"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::BUCKET234"
]
},
{
"Sid": "HomeDirObjectAccess",
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:DeleteObjectVersion",
"s3:DeleteObject",
"s3:GetObjectVersion"
],
"Resource": "arn:aws:s3:::BUCKET234/*"
}
]
}

This is the trust relationship
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Principal": {
"Service": "transfer.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}

There is no scope down policy, what am i missing ?

avijaws
質問済み 3年前5975ビュー
1回答
0

Hello avijaws,

Based on the error provided it looks like WinSCP is trying to list root "/" and it is failing. If you are not using the restricted option (logical directories) for your User and you try to list the root "/" the operation will give an Access Denied if you do not have permissions to list all the buckets (s3:ListAllMyBuckets).

On WinSCP under Advanced Site Settings of your Session -> Environment -> Directories you can Uncheck the option "Remember last used directory" and also clear the "Remote directory" field so it wont connect to "/".

Another option is to use logical directories or the Restricted option if you are using the AWS Transfer Console. Find your User, edit the configuration, select the bucket and optionally the home directory and click the restricted option. By doing that the user will be restricted (chroot) to his home folder and when WinSCP tries to list the root "/" the content of the home directory will be listed since the root will be mapped to the /bucket/folder.

I hope the above information is helpful. Please feel free to write back if you still have issues.

Kind regards,
Panagiotis

回答済み 3年前

ログインしていません。 ログイン 回答を投稿する。

優れた回答とは、質問に明確に答え、建設的なフィードバックを提供し、質問者の専門分野におけるスキルの向上を促すものです。

質問に答えるためのガイドライン

関連するコンテンツ