Getting access denied error for SFTP user

0

I am getting access denied for user when WINSCP tries to list the directory structure, "Error listing directory '/.'"

I have the following policy for user

{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowListingOfUserFolder",
"Action": [
"s3:ListBucket",
"s3:GetBucketLocation"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::BUCKET234"
]
},
{
"Sid": "HomeDirObjectAccess",
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:DeleteObjectVersion",
"s3:DeleteObject",
"s3:GetObjectVersion"
],
"Resource": "arn:aws:s3:::BUCKET234/*"
}
]
}

This is the trust relationship
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Principal": {
"Service": "transfer.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}

There is no scope down policy, what am i missing ?

avijaws
已提問 3 年前檢視次數 5959 次
1 個回答
0

Hello avijaws,

Based on the error provided it looks like WinSCP is trying to list root "/" and it is failing. If you are not using the restricted option (logical directories) for your User and you try to list the root "/" the operation will give an Access Denied if you do not have permissions to list all the buckets (s3:ListAllMyBuckets).

On WinSCP under Advanced Site Settings of your Session -> Environment -> Directories you can Uncheck the option "Remember last used directory" and also clear the "Remote directory" field so it wont connect to "/".

Another option is to use logical directories or the Restricted option if you are using the AWS Transfer Console. Find your User, edit the configuration, select the bucket and optionally the home directory and click the restricted option. By doing that the user will be restricted (chroot) to his home folder and when WinSCP tries to list the root "/" the content of the home directory will be listed since the root will be mapped to the /bucket/folder.

I hope the above information is helpful. Please feel free to write back if you still have issues.

Kind regards,
Panagiotis

已回答 3 年前

您尚未登入。 登入 去張貼答案。

一個好的回答可以清楚地回答問題並提供建設性的意見回饋,同時有助於提問者的專業成長。

回答問題指南