Specific user keeps getting access denied

0

Hi,

I'm hoping to get some help with troubleshooting this. I set up a transfer family SFTP server and was able to connect and transfer files via Cyberduck without any issues. I set up a user for my coworker and he also is able to connect successfully. However, when creating this third user, we keep getting "Listing directory / failed. Access denied." The same role and policy are applied to this user. I checked the log and it seems to connect but then immediately gets "Access denied." I asked this user to send me their key pair and I can connect perfectly using their username but for whatever odd reason, they keep getting "Access denied" on their laptop.

Here's the policy:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "s3:ListBucket",
        "s3:GetBucketLocation"
      ],
      "Resource": "arn:aws:s3:::people-ops-pyn"
    },
    {
      "Sid": "VisualEditor1",
      "Effect": "Allow",
      "Action": "s3:ListAllMyBuckets",
      "Resource": "*"
    },
    {
      "Sid": "VisualEditor2",
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:DeleteObjectVersion",
        "s3:DeleteObject",
        "s3:GetObjectVersion"
      ],
      "Resource": "arn:aws:s3:::people-ops-pyn/*"
    }
  ]
}

Here's the trust relationship policy:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "Service": [
          "transfer.amazonaws.com",
          "s3.amazonaws.com"
        ]
      },
      "Action": "sts:AssumeRole"
    }
  ]
}

Edited by: calfun on Jun 23, 2021 3:08 PM

calfun
Asked 3 years ago · 540 views
1 answer
0

Disregard! I overlooked the fact that the user had a specific policy scoped to them. Once I set it to none, it inherited the role policy and was able to connect.

calfun
Answered 3 years ago
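
The behaviour described in the answer, as an added example that is not part of the original thread: a Transfer Family user's own policy acts as a session policy, so the effective permissions are the intersection of that policy and the role policy. The per-user policy below is constructed (the thread does not show the real one), the role policy is the one from the question with its wildcards written as `*`, and the evaluator is a simplified sketch that ignores Condition, NotAction and NotResource.

```python
import fnmatch

# Role policy from the question, with its wildcards written as "*".
ROLE_POLICY = {"Statement": [
    {"Effect": "Allow", "Action": ["s3:ListBucket", "s3:GetBucketLocation"],
     "Resource": "arn:aws:s3:::people-ops-pyn"},
    {"Effect": "Allow", "Action": "s3:ListAllMyBuckets", "Resource": "*"},
    {"Effect": "Allow",
     "Action": ["s3:PutObject", "s3:GetObject", "s3:DeleteObjectVersion",
                "s3:DeleteObject", "s3:GetObjectVersion"],
     "Resource": "arn:aws:s3:::people-ops-pyn/*"},
]}

# Constructed per-user session policy (hypothetical; not shown in the thread).
# It allows object reads and writes but omits s3:ListBucket on the bucket.
USER_SESSION_POLICY = {"Statement": [
    {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"],
     "Resource": "arn:aws:s3:::people-ops-pyn/*"},
]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(stmt, action, resource):
    # Action names are compared case-insensitively, ARNs case-sensitively.
    # fnmatch approximates IAM's "*" and "?" wildcards for this sample data.
    act = any(fnmatch.fnmatchcase(action.lower(), a.lower())
              for a in _as_list(stmt["Action"]))
    res = any(fnmatch.fnmatchcase(resource, r) for r in _as_list(stmt["Resource"]))
    return act and res

def policy_decision(policy, action, resource):
    """Evaluate one policy: an explicit Deny wins, otherwise an Allow is required."""
    effects = {s["Effect"] for s in policy["Statement"]
               if _matches(s, action, resource)}
    if "Deny" in effects:
        return "explicit_deny"
    return "allow" if "Allow" in effects else "implicit_deny"

def effective_access(role_policy, session_policy, action, resource):
    """A request passes only if the role allows it and, when set, the session policy does too."""
    decisions = [policy_decision(role_policy, action, resource)]
    if session_policy is not None:  # "none" on the user: role policy alone applies
        decisions.append(policy_decision(session_policy, action, resource))
    return all(d == "allow" for d in decisions)
```

With the constructed session policy, `s3:ListBucket` on the bucket is implicitly denied even though the role allows it, which is the kind of gap that produces a failed directory listing for one user while others on the same role succeed.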
