
Questions tagged with Storage


Renaming object in S3 console fails if ListAllMyBuckets permission is not provided

Hi, I have had a problem with a user not being able to rename an S3 object through the AWS console, despite having all the permissions over the bucket and the bucket objects. The associated IAM policy for the user is this:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "s3:*"
      ],
      "Resource": [
        "arn:aws:s3:::s3-bucket-name",
        "arn:aws:s3:::s3-bucket-name/*"
      ]
    },
    {
      "Sid": "VisualEditor3",
      "Effect": "Allow",
      "Action": "s3:ListBucket",
      "Resource": "arn:aws:s3:::s3-bucket-name"
    }
  ]
}
```

When the user tries to rename a file in the S3 bucket, the console complains about the *s3:PutObject* permission, which is granted, and the user sees an "Access denied" error in the AWS console.

![Access denied when renaming S3 object](https://repost.aws/media/postImages/original/IMX4V3P7N4TxiGZDcqeKXZPg)

The weirdest thing of all is that the problem is solved by adding the *ListAllMyBuckets* permission, and once added to the user's IAM policy, the user is able to rename objects without a problem. This behavior is also documented on StackOverflow, in [this](https://stackoverflow.com/questions/33926553/aws-rename-permissions/63348973#63348973) and [this](https://stackoverflow.com/questions/42984344/renaming-object-from-in-aws-s3-console-with-iam-user/42996548#42996548) answer. In addition, a StackOverflow user comments that this operation only fails through the AWS console, and that it works using the CLI.

To me, fixing it by adding the *ListAllMyBuckets* permission doesn't make any sense, and allows the user to see other bucket names.
asked 4 days ago