maestroosram
Reputation: 347
S3 IAM policy for one bucket not granting access
Can someone explain me why this policy doesn't work?
What I want: full S3 control for the IAM user but limited to two buckets, defined by their ARNs.
I always get Access Denied when trying to upload with AWS SDK from my server.
Thank you
Upvotes: 0
Views: 117
Answers (1)
alexis-donoghue
Reputation: 3387
There are some possibilities here, it's hard to tell without seeing the full setup.
- There is a bucket policy which explicitly denies the action
- Bucket is encrypted and the user lacks KMS permissions
- There is conflicting policy which takes precedence, like SCP policy. Try using https://policysim.aws.amazon.com/home/index.jsp, it's not 100% accurate but it can give a hint
- You can also use CloudTrail to track all API calls made by user and determine which call failed
As an aside, you should be able to combine these policies by combining resources: Resource: ["arn_1", "arn_2"]
Upvotes: 2
Related Questions
- S3 IAM policy works in simulator, but not in real life
- IAM Policy: Users cannot access S3 bucket
- Amazon S3 bucket policy deny to a iam user
- AWS S3 Bucket Policy Access Denied Tag Condition EC2
- Access is denied even if IAM user is specified in S3 bucket policy
- AWS S3 Bucket Policy throws Access Denied Error
- IAM user policy returning 403 Forbidden on Amazon S3 bucket
- aws s3 Bucket policy not working as expected
- S3 Policy Limiting Access to only one foler
- Why Doesn't My AWS S3 Bucket Policy Override My IAM Policy?