Include s3:ListObjectsV2 as action in bucket policy

0

For some reason I'm not able to include ListObjects or ListObjectsV2 as action in a S3 bucket policy. When trying to save a policy including:

    {  
        "Sid": "aaaa",  
        "Effect": "Allow",  
        "Principal": "*",  
        "Action": "s3:ListObjectsV2",  
        "Resource": "arn:aws:s3:::_bucket_"  
    }  

I get an error:

Unknown Error - An unexpected error occurred.
API response - Policy has invalid action

The same happens with ListObjects. Including other actions is ok, including GetObject and PutObject:
{
"Sid": "aaaa",
"Effect": "Allow",
"Principal": "",
"Action": [
"s3:PutObject",
"s3:GetObject"
],
"Resource": "arn:aws:s3:::bucket/
"
}

I try to access files from a bucket assessible to authenticated users via the aws cli. I'm able to download files using aws cp, but when trying aws ls, I get the error message:

An error occurred (AccessDenied) when calling the ListObjectsV2 operation: Access Denied

I've been searching the web without finding an answer, so I hope somebody can help....

Edited by: jehake on Mar 5, 2021 12:11 AM

jehake
asked 2 years ago2115 views
2 Answers
1

Hi,

Kindly note ListObjects or ListObjectsV2 is the name of the API call that lists the objects in a bucket. You will need to use s3:ListBucket in the action element to allow a user to list the objects in a bucket.

https://aws.amazon.com/premiumsupport/knowledge-center/s3-access-denied-listobjects-sync/

Here is how I would write the policy to list the objects in a bucket.

{
"Version": "2012-10-17",
"Id": "S3PolicyId1",
"Statement": [
{
"Sid": "AllowList",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:ListBucket",
"Resource": "arn:aws:s3:::bucketname"
}
]
}

Regards,
Pavithra

answered 2 years ago
0

Hello jehake, Has your problem of your code been resolve? Let us know. Also, remember to click on the "Accept" button when an answer provided in the community helped you. This allows other community members to also benefit from it. Thank you for your participation.

profile picture
SUPPORT ENGINEER
answered 6 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions