I've also tried to suspend the versioning but still cannot download files.
Going through the scopedown policy associated, I don't seem to be able to find anything wrong with the policy. You have granted List permissions to your bucket provided the prefix matches the condition statement. Further, you have granted HomeDirectoryObject access for READ/WRITE/DELETE commands. I would say it is a pretty straightforward ScopeDown Policy.
Concerning the Access Denied error for downloads, could you confirm if there are no bucket policies on the S3 Bucket or any Explicit Deny conditions that might block READ or GetObject actions on the bucket?
Also, could you confirm if the IAM Role associated with the AWS Transfer user has sufficient permissions to access the bucket and the objects? If permissions are missing on the IAM Role, you would experience Access Denied from S3, as ScopeDown Policies do not grant permissions. Rather, they help you restrict a particular set of permissions. Therefore, permissions specified within a ScopeDown policy should be a subset of permissions present on the IAM Role.
Concerning READ operations, you would need GetObject, GetObjectVersion and GetObjectAcl on both the User's IAM Role and the ScopeDown Policy as your bucket has versioning enabled. Could you confirm if these permissions are present for the User? If not, could you update and test?
I look forward to your update. If you are still experiencing Access Denied errors, please private message me with the resource details and I would be happy to help out.
You are totally right, on the transfer aws role I only had s3:*object permission.
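
An added example, not part of the thread: a simplified model of why a role holding only `s3:*object` fails the READ check described above. It assumes Allow statements only (no resources, conditions or explicit denies), and the policy contents below are constructed for illustration.

```python
import re

def action_matches(pattern, action):
    """IAM action patterns: '*' is any run of characters, '?' is one
    character, and action names are compared case-insensitively."""
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                 for c in pattern)
    return re.fullmatch(rx, action, re.IGNORECASE) is not None

def allowed(policy_actions, action):
    return any(action_matches(p, action) for p in policy_actions)

def effective(role_actions, scope_actions, action):
    """A scope-down (session) policy only narrows the role: an action is
    permitted only when BOTH the role and the scope-down policy allow it."""
    return allowed(role_actions, action) and allowed(scope_actions, action)

# Constructed sample policies (Allow actions only).
ROLE_BEFORE = ["s3:ListBucket", "s3:*object"]
ROLE_AFTER = ROLE_BEFORE + ["s3:GetObjectVersion", "s3:GetObjectAcl"]
SCOPE_DOWN = ["s3:ListBucket", "s3:GetObject", "s3:GetObjectVersion",
              "s3:GetObjectAcl", "s3:PutObject", "s3:DeleteObject"]

# READ actions named in the answer for a versioned bucket.
READ_ACTIONS = ["s3:GetObject", "s3:GetObjectVersion", "s3:GetObjectAcl"]

def missing_read_actions(role_actions, scope_actions):
    """Return the READ actions that the role/scope-down pair does not permit."""
    return [a for a in READ_ACTIONS
            if not effective(role_actions, scope_actions, a)]

if __name__ == "__main__":
    # 's3:*object' covers GetObject/PutObject/DeleteObject, but the pattern
    # must match the whole action name, so GetObjectVersion and GetObjectAcl
    # are not covered even though the scope-down policy lists them.
    print("before:", missing_read_actions(ROLE_BEFORE, SCOPE_DOWN))
    print("after: ", missing_read_actions(ROLE_AFTER, SCOPE_DOWN))
```

Listing an action in the scope-down policy does nothing unless the role also allows it, which is why the fix belongs on the role.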