Ao usar o AWS re:Post, você concorda com os AWS re:Post Termos de uso
AWS re:Postre:Post

Include s3:ListObjectsV2 as action in bucket policy

0

For some reason I'm not able to include ListObjects or ListObjectsV2 as action in a S3 bucket policy. When trying to save a policy including:

    {  
        "Sid": "aaaa",  
        "Effect": "Allow",  
        "Principal": "*",  
        "Action": "s3:ListObjectsV2",  
        "Resource": "arn:aws:s3:::_bucket_"  
    }

I get an error:

Unknown Error - An unexpected error occurred.
API response - Policy has invalid action

The same happens with ListObjects. Including other actions is ok, including GetObject and PutObject:
{
"Sid": "aaaa",
"Effect": "Allow",
"Principal": "",
"Action": [
"s3:PutObject",
"s3:GetObject"
],
"Resource": "arn:aws:s3:::bucket/"
}

I try to access files from a bucket assessible to authenticated users via the aws cli. I'm able to download files using aws cp, but when trying aws ls, I get the error message:

An error occurred (AccessDenied) when calling the ListObjectsV2 operation: Access Denied

I've been searching the web without finding an answer, so I hope somebody can help....

Edited by: jehake on Mar 5, 2021 12:11 AM

Tópicos
Armazenamento
Tags
Serviço de armazenamento simples da Amazon
Idioma
English
jehake
feita há 3 anos8831 visualizações
2 Respostas
1

Hi,

Kindly note ListObjects or ListObjectsV2 is the name of the API call that lists the objects in a bucket. You will need to use s3:ListBucket in the action element to allow a user to list the objects in a bucket.

https://aws.amazon.com/premiumsupport/knowledge-center/s3-access-denied-listobjects-sync/

Here is how I would write the policy to list the objects in a bucket.

{
"Version": "2012-10-17",
"Id": "S3PolicyId1",
"Statement": [
{
"Sid": "AllowList",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:ListBucket",
"Resource": "arn:aws:s3:::bucketname"
}
]
}

Regards,
Pavithra

AWS
Pavithra-AWS
respondido há 3 anos
0

Hello jehake, Has your problem of your code been resolve? Let us know. Also, remember to click on the "Accept" button when an answer provided in the community helped you. This allows other community members to also benefit from it. Thank you for your participation.

profile picture
ENGENHEIRO DE SUPORTE
Monica_Lluis
respondido há 2 anos

Você não está conectado. Fazer login para postar uma resposta.

Uma boa resposta responde claramente à pergunta, dá feedback construtivo e incentiva o crescimento profissional de quem perguntou.

Diretrizes para responder a perguntas

Conteúdo relevante