S3 unable to connect to whitelisted path #11340

Closed
cyberduck opened this issue Dec 4, 2020 · 4 comments
Labels
bug duplicate high priority s3 AWS S3 Protocol Implementation

a11fab0 created the issue

When connecting to a bucket with security policies whitelisting specific paths:

  • Older versions (tested on 6.7.0) allow connections to an S3 bucket, landing on a specific whitelisted Path.
  • Newer versions (tested on 7.7.2) fail with error "Listing directory / failed" when using Server=s3.amazonaws.com and Path=//
  • Newer versions (tested on 7.7.2) fail with error "Listing directory failed" when using Server=.amazonaws.com and Path=

Looks like this issue has been coming and going intermittently since at least 2015 and it suggests attempts at either listing all buckets or listing the root prefix of the bucket, which is not accepted in most security policies.

@dkocher commented

Please attach the HTTP transcript and a sample IAM policy to reproduce the problem.

a11fab0 commented

Here's a sample policy, working on v6 and failing on v7:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Condition": {
                "StringLike": {
                    "s3:prefix": "some_folder/some_user/*"
                }
            },
            "Action": "s3:List*",
            "Resource": [
                "arn:aws:s3:::bucket-name",
                "arn:aws:s3:::bucket-name/some_folder/some_user/*"
            ],
            "Effect": "Allow"
        },
        {
            "Action": [
                "s3:Abort*",
                "s3:PutObject*",
                "s3:GetBucket*",
                "s3:GetObject*",
                "s3:DeleteObject*"
            ],
            "Resource": [
                "arn:aws:s3:::bucket-name",
                "arn:aws:s3:::bucket-name/some_folder/some_user/*"
            ],
            "Effect": "Allow"
        }
    ]
}
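
As an added illustration (not part of the thread, and not Cyberduck or AWS code), this simplified model of the `s3:List*` statement in the sample policy shows why a listing of the bucket root is refused while a listing under the whitelisted prefix is allowed. It assumes a root listing presents an empty `s3:prefix`; the function names and the sample requests are constructed for this example.

```python
import json
import re

# The List* statement of the sample policy above, embedded so the example runs offline.
POLICY = json.loads("""
{"Version": "2012-10-17",
 "Statement": [{
   "Condition": {"StringLike": {"s3:prefix": "some_folder/some_user/*"}},
   "Action": "s3:List*",
   "Resource": ["arn:aws:s3:::bucket-name",
                "arn:aws:s3:::bucket-name/some_folder/some_user/*"],
   "Effect": "Allow"}]}
""")
BUCKET = "arn:aws:s3:::bucket-name"

def _like(pattern, value):
    """Wildcard match as used by StringLike: '*' is any run of characters, '?' is exactly one."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(regex, value, flags=re.DOTALL) is not None

def _as_list(value):
    return value if isinstance(value, list) else [value]

def list_allowed(policy, action, resource, prefix):
    """Simplified model: True if an Allow statement matches, otherwise implicit deny.
    Only StringLike on s3:prefix is modelled; explicit Deny and other policy types are not."""
    for st in policy["Statement"]:
        if st.get("Effect") != "Allow":
            continue
        if not any(_like(a, action) for a in _as_list(st["Action"])):
            continue
        if not any(_like(r, resource) for r in _as_list(st["Resource"])):
            continue
        patterns = _as_list(st.get("Condition", {}).get("StringLike", {}).get("s3:prefix", "*"))
        if any(_like(p, prefix) for p in patterns):
            return True
    return False

def decisions():
    """Constructed ListBucket requests: the prefix a client might send when opening the bookmark."""
    prefixes = ["", "some_folder/", "some_folder/some_user",
                "some_folder/some_user/", "some_folder/some_user/reports/"]
    return {p: list_allowed(POLICY, "s3:ListBucket", BUCKET, p) for p in prefixes}

if __name__ == "__main__":
    for prefix, ok in decisions().items():
        print(f"prefix={prefix!r:35} -> {'Allow' if ok else 'Deny'}")
```

Note that the prefix without its trailing slash (`some_folder/some_user`) is also denied, so a client has to send the whitelisted path exactly as the condition pattern expects.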

@dkocher commented

Relates to #11549.

@dkocher commented

Can you please check whether you still see this issue with the current snapshot build
by updating from within Cyberduck in "Preferences → Update →
Automatically check for updates in → Snapshot Builds"?

@iterate-ch iterate-ch locked as resolved and limited conversation to collaborators Nov 27, 2021