使用 AWS re:Post 即表示您同意 AWS re:Post 使用條款
AWS re:Postre:Post

Access Denied - When running "aws s3api list-buckets" from AWS CLI

0

Bucket policy:

{ "Version": "2012-10-17", "Statement": [ { "Sid": "statement1", "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::$AccountID:user/$username" }, "Action": [ "s3:GetBucketLocation", "s3:ListBucket" ], "Resource": "arn:aws:s3:::$BucketName" }, { "Sid": "statement2", "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::$AccountID:user/$username" }, "Action": "s3:GetObject", "Resource": "arn:aws:s3:::$BucketName/*" } ] }

From AWS CLI, got the "Access Denied" error when trying the List Bucket command as the above $username:

C:>aws s3api list-buckets --profile $username

An error occurred (AccessDenied) when calling the ListBuckets operation: Access Denied

However, the same command above with the "Default" profile works fine:

C:>aws s3api list-buckets (works fine)

The AWS CLI installed is the latest version as of today, June 9 2023.

主題
管理與治理
標籤
AWS Command Line Interface
語言
English
rePost-User-6163767
已提問 1 年前檢視次數 388 次
1 個回答
2

The bucket may allow the $Username to list buckets, but what is the IAM permissions for the actual $username itself? Both the IAM permissions for the entity AND the resource policy for the bucket must both allow the action, otherwise you may have the IAM policy associated with the $username causing the deny.

profile pictureAWS
專家
pechung
已回答 1 年前
profile picture
專家
Riku_Kobayashi
已審閱 1 年前
  • rePost-User-6163767
    1 年前

    The $username has the following IAM policy/permission defined:

    { "Version": "2012-10-17", "Statement": [ { "Sid": "VisualEditor0", "Effect": "Allow", "Action": "s3:ListBucket", "Resource": "arn:aws:s3:::$BucketName" } ] }

您尚未登入。 登入 去張貼答案。

一個好的回答可以清楚地回答問題並提供建設性的意見回饋,同時有助於提問者的專業成長。

回答問題指南

相關內容