
Questions tagged with AWS Management Console


1 answer, 0 votes, 114 views, asked 2 months ago

Renaming object in S3 console fails if ListAllMyBuckets permission is not provided

Hi, I have had a problem with a user not being able to rename an S3 object through the AWS console, despite having all the permissions over the bucket and the bucket objects. The associated IAM policy for the user is this:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "s3:*"
      ],
      "Resource": [
        "arn:aws:s3:::s3-bucket-name",
        "arn:aws:s3:::s3-bucket-name/*"
      ]
    },
    {
      "Sid": "VisualEditor3",
      "Effect": "Allow",
      "Action": "s3:ListBucket",
      "Resource": "arn:aws:s3:::s3-bucket-name"
    }
  ]
}
```

When the user tries to rename a file in the S3 bucket, the console complains about the *s3:PutObject* permission, which is granted, and the user sees an "Access denied" error in the AWS console.

![Access denied when renaming S3 object](https://repost.aws/media/postImages/original/IMX4V3P7N4TxiGZDcqeKXZPg)

The weirdest thing of all is that the problem is solved by adding the *ListAllMyBuckets* permission, and once it is added to the user's IAM policy, the user is able to rename objects without a problem. This behavior is also documented on StackOverflow, in [this](https://stackoverflow.com/questions/33926553/aws-rename-permissions/63348973#63348973) and [this](https://stackoverflow.com/questions/42984344/renaming-object-from-in-aws-s3-console-with-iam-user/42996548#42996548) answer. In addition, a StackOverflow user comments that this operation only fails through the AWS console, and that it works using the CLI.

To me, fixing it by adding the *ListAllMyBuckets* permission doesn't make any sense, and it allows the user to see other bucket names.
0 answers, 0 votes, 38 views, asked 2 months ago