Kenny Lövrin

Reputation: 801

Amazon CLI won't allow me to list objects

I'm trying to copy contents of an S3 bucket to another bucket on another account, and I wanted to use the CLI to do this. So I set up a bucket policy on the source bucket, allowing an IAM user in the destination account to perform all S3 actions, but it keeps complaining that the ListObjects operation is denied.

I've tried Google, but I can't tell what would be the problem with my policy compared to the solutions I find. Even if I make the source bucket public (and can list it in a browser), it still gives me access denied.

What to do, what to do? Here's my bucket policy:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowAll",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::123123123123:user/USER"
            },
            "Action": [
                "s3:*"
            ],
            "Resource": [
                "arn:aws:s3:::SOURCE",
                "arn:aws:s3:::SOURCE/*"
            ]
        }
    ]
}

Upvotes: 0

Views: 118

Answers (1)

Vijayanath Viswanathan

Reputation: 8541

Please try using the policy below:

{
    "Version": "2008-10-17",
    "Id": "Policy1357935677554",
    "Statement": [
        {
            "Sid": "CrossAccountList",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::111111111111:root"
            },
            "Action": "s3:ListBucket",
            "Resource": "arn:aws:s3:::examplebucket"
        },
        {
            "Sid": "CrossAccountS3",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::111111111111:root"
            },
            "Action": "s3:*",
            "Resource": "arn:aws:s3:::examplebucket/*"
        }
    ]
}

You can read the full steps here

Another read here

Upvotes: 2
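
Added example (not part of the original answer, and not AWS's own policy evaluator): a simplified check showing why the answer's policy grants `s3:ListBucket` on the bucket ARN separately from the object actions on `examplebucket/*`. The names `allows`, `copy_source_gaps` and `OBJECTS_ONLY` are assumptions made for illustration; the evaluator ignores Deny, Condition and the identity policy on the caller's side.

```python
import fnmatch

def _as_list(value):
    return value if isinstance(value, list) else [value]

def allows(policy, principal, action, resource):
    """True if an Allow statement names `principal` and matches action and resource.
    Simplified (assumption): Principal is {"AWS": ...}; Deny, Condition, NotAction
    and the caller's identity policy are not evaluated.
    """
    for stmt in _as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        if principal not in _as_list(stmt.get("Principal", {}).get("AWS", [])):
            continue
        # IAM action names are case-insensitive; "*" is a wildcard.
        if not any(fnmatch.fnmatchcase(action.lower(), a.lower())
                   for a in _as_list(stmt["Action"])):
            continue
        if any(fnmatch.fnmatchcase(resource, r) for r in _as_list(stmt["Resource"])):
            return True
    return False

def copy_source_gaps(policy, principal, bucket):
    """Return the (action, resource) pairs a copy needs on the source but lacks."""
    bucket_arn = "arn:aws:s3:::" + bucket
    needed = [
        ("s3:ListBucket", bucket_arn),              # bucket-level: the ListObjects call
        ("s3:GetObject", bucket_arn + "/any/key"),  # object-level: reading each key
    ]
    return [pair for pair in needed if not allows(policy, principal, *pair)]

ROOT = "arn:aws:iam::111111111111:root"

def _stmt(sid, action, resource):
    return {"Sid": sid, "Effect": "Allow", "Principal": {"AWS": ROOT},
            "Action": action, "Resource": resource}

# The two statements from the answer above.
ANSWER_POLICY = {"Version": "2008-10-17", "Statement": [
    _stmt("CrossAccountList", "s3:ListBucket", "arn:aws:s3:::examplebucket"),
    _stmt("CrossAccountS3", "s3:*", "arn:aws:s3:::examplebucket/*"),
]}
# Constructed variant: the same policy without the bucket-level statement.
OBJECTS_ONLY = {"Version": "2008-10-17", "Statement": ANSWER_POLICY["Statement"][1:]}

if __name__ == "__main__":
    print(copy_source_gaps(ANSWER_POLICY, ROOT, "examplebucket"))
    print(copy_source_gaps(OBJECTS_ONLY, ROOT, "examplebucket"))
```

In the object-only variant `s3:*` does cover the `s3:ListBucket` action, but the resource `examplebucket/*` never matches the bare bucket ARN, so the listing permission is reported as missing.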
