What permissions needed to list and upload to S3 via CLI

Question

Hi, I have AmazonS3FullAccess permissions on a bucket.
I am trying to connect to it and list objects but I get an error.
'An error occurred (AccessDenied) when calling the ListObjectsV2 operation: Access Denied'

So do I need any other permissions to allow me to list and upload files?

Thanks

Answer

Hi,

You need the following policy to list a bucket

```
{
  "Statement": [
    {
        "Sid": "some_id",
        "Effect": "Allow",
        "Action": [
            "s3:*"
        ],
        "Resource": [
            "arn:aws:s3:::bucketname",
            "arn:aws:s3:::bucketname/*"
        ]
    }
  ] 
}
```

The most restrictive policy would be (if you feel that ` "Action": ["s3:*"] ` is too broad:

```
{
  "Version": "2012-10-17",
  "Statement": [
      {
          "Effect": "Allow",
          "Action": [
              "s3:ListBucket"
          ],
          "Resource": [
              "arn:aws:s3:::bucketname"
          ]
      },
      {
          "Effect": "Allow",
          "Action": [
              "s3:PutObject"
          ],
          "Resource": [
              "arn:aws:s3:::bucketname/*"
          ]
      }
  ]
}
```

By using any of the two, you do not need the policy AmazonS3FullAccess (managed by AWS) anymore

Best,

Didier

Answer

Make sure your IAM role/user has **s3:ListBucket** permission added for that bucket, where you are listing/uploading objects.

{
      "Version": "2012-10-17",
      "Statement": [{
        "Sid": "Stmt1546506260896",
        "Action": "s3:ListBucket",
        "Effect": "Allow",
        "Resource": "arn:aws:s3:::AWSDOC-EXAMPLE-BUCKET"
      }]
    }

Hope this helps.

Comment here if you have additional questions, happy to help.

Abhishek

What permissions needed to list and upload to S3 via CLI

相关内容