Getting access denied error for SFTP user

0

I am getting access denied for user when WINSCP tries to list the directory structure, "Error listing directory '/.'"

I have the following policy for user

{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowListingOfUserFolder",
"Action": [
"s3:ListBucket",
"s3:GetBucketLocation"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::BUCKET234"
]
},
{
"Sid": "HomeDirObjectAccess",
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:DeleteObjectVersion",
"s3:DeleteObject",
"s3:GetObjectVersion"
],
"Resource": "arn:aws:s3:::BUCKET234/*"
}
]
}

This is the trust relationship
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Principal": {
"Service": "transfer.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}

There is no scope down policy, what am i missing ?

avijaws
已提问 3 年前5975 查看次数
1 回答
0

Hello avijaws,

Based on the error provided it looks like WinSCP is trying to list root "/" and it is failing. If you are not using the restricted option (logical directories) for your User and you try to list the root "/" the operation will give an Access Denied if you do not have permissions to list all the buckets (s3:ListAllMyBuckets).

On WinSCP under Advanced Site Settings of your Session -> Environment -> Directories you can Uncheck the option "Remember last used directory" and also clear the "Remote directory" field so it wont connect to "/".

Another option is to use logical directories or the Restricted option if you are using the AWS Transfer Console. Find your User, edit the configuration, select the bucket and optionally the home directory and click the restricted option. By doing that the user will be restricted (chroot) to his home folder and when WinSCP tries to list the root "/" the content of the home directory will be listed since the root will be mapped to the /bucket/folder.

I hope the above information is helpful. Please feel free to write back if you still have issues.

Kind regards,
Panagiotis

已回答 3 年前

您未登录。 登录 发布回答。

一个好的回答可以清楚地解答问题和提供建设性反馈,并能促进提问者的职业发展。

回答问题的准则