You're not the first person that has seen this https://repost.aws/questions/QUPE1n7zbjTs-H4twQ3kh29w/renaming-object-in-s3-console-fails-if-listallmybuckets-permission-is-not-provided
I've created exactly the same setup and am seeing the same behaviour - sign in as IAM user with an attached policy that has s3:ListAllMyBuckets and confirm the user can log in on console, navigate to bucket, rename an object - all good.
Remove s3:ListAllMyBuckets and the user can navigate to the bucket (using the URL to get there direct) but can't rename the object.
Notice the complaint isn't about the absence of s3:ListAllMyBuckets but is instead about s3:PutObject (which the user already has).
And just to add more confusion, set up an API keypair and try it through the CLI and it works when the policy doesn't have s3:ListAllMyBuckets:
$ aws s3 mv s3://[TEMP_TEST_BUCKET]/foo.png s3://[TEMP_TEST_BUCKET]/bar.png
move: s3://[TEMP_TEST_BUCKET]/foo.png to s3://[TEMP_TEST_BUCKET]/bar.png
$
Can you log a bug about this? At the very least the error message (in red in the AWS Console) needs to refer to the absence of s3:ListAllMyBuckets and not (wrongly) s3:PutObject. And hopefully this will prompt the follow-up question about why s3:ListAllMyBuckets is needed for a rename operation in the first place (but only in the console, not the CLI).
I will log a bug report. Thanks.
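An added example, not part of the original posts: a small checker that reports which of the two actions named in the answer above (s3:PutObject and s3:ListAllMyBuckets) an identity policy fails to grant, so the console's misleading s3:PutObject error can be traced to the real gap. The function names and both sample policies are constructed for illustration, and the evaluation is deliberately simplified to Effect and Action only.

```python
import fnmatch

# Actions the thread reports the console rename depending on; the CLI move
# in the answer succeeded without the second one.
CONSOLE_RENAME_ACTIONS = ("s3:PutObject", "s3:ListAllMyBuckets")


def _as_list(value):
    """IAM allows Action to be a single string or a list of strings."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)


def _matches(patterns, action):
    # IAM action names are case-insensitive and accept * and ? wildcards.
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)


def action_allowed(policy, action):
    """Simplified check: ignores Resource, Condition, NotAction and
    anything outside this one policy document (assumption of this example)."""
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):
        statements = [statements]
    allowed = False
    for st in statements:
        if _matches(_as_list(st.get("Action")), action):
            if st.get("Effect") == "Deny":
                return False  # an explicit Deny always overrides an Allow
            if st.get("Effect") == "Allow":
                allowed = True
    return allowed


def missing_for_console_rename(policy):
    """Return the actions from the thread that this policy does not grant."""
    return [a for a in CONSOLE_RENAME_ACTIONS if not action_allowed(policy, a)]


# Constructed sample policies (bucket name is a placeholder).
WITHOUT_LIST = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject", "s3:ListBucket"],
    "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"]}]}
WITH_LIST = {"Version": "2012-10-17", "Statement": WITHOUT_LIST["Statement"] + [
    {"Effect": "Allow", "Action": "s3:ListAllMyBuckets", "Resource": "*"}]}

if __name__ == "__main__":
    print("without:", missing_for_console_rename(WITHOUT_LIST))
    print("with:   ", missing_for_console_rename(WITH_LIST))
```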