Greetings of the day,
I understand that you are trying to access s3 bucket in account A from the IAM role in account B and facing access denied error while running 'aws s3 ls' command via CLI.
Please note that s3 ls is a bucket level operation and hence we need to provide bucket level permission to the IAM role in both IAM policy and Bucket policy as this is a cross account scenario.
Looking into the policies which you have shared, I can see that IAM policy is granting bucket level permission on the s3 bucket. However, the bucket policy is granting only object level permission to the IAM role. When the request to s3 bucket is made from a different account IAM role, both the IAM policy and the bucket policy should grant the permissions.
As the bucket policy was not allowing the IAM role to perform bucket level operations, you were facing access denied error. In order to resolve the access denied error, the bucket policy should allow the IAM role to perform bucket level operations.
I am happy that you were able to resolve this issue now by following AWS the documentation. Let us know if you still face any issue.
Unable to configure SageMaker execution Role with access to S3 bucket in another AWS accountasked 3 months ago
Can't download file from S3 bucket in another accountasked 2 years ago
Cross Account Copy S3 Objects From Account B to AWS KMS-encrypted bucket in Account Aasked 8 months ago
I need to transfer objects from s3 bucket to another s3 in the same accountasked 2 months ago
Access denied when trying to GET objects uploaded to s3 bucket via aws sdk using cloudfrontasked 10 months ago
S3 permissions STS assume role bucket to bucket copyAccepted Answerasked 5 years ago
Access bucket s3 from a role on another accountasked a year ago
S3 bucket replication fail in multi account architectureasked a month ago
grant access to one role in another account to all objects in an S3 bucket?asked a year ago
Across Account S3 Bucket Get Access Odditiesasked 4 years ago