d784be0 commented

I have tried connecting to bucket directly using server= s3.console.aws.amazon.com/s3/buckets
path=mybucket
This shows connected, no error, but no real connection. I have full permissions on objects in bucket (except listallmybuckets) and cannot see objects

@dkocher commented

You can connect to a specific bucket by specifying it in the Path setting in the bookmark. Do not alter the default hostname s3.amazonaws.com. The above URL is from the S3 console web application from AWS and not a valid S3 API URL.

d784be0 commented

Replying to [comment:3 dkocher]: Thank you for your response. I have tried this and it will work only if I grant viewallmybuckets action in the user policy. I have a requirement that users not be able to see any other bucket other than thier own. Is this policy action required for Mountain Duck to connect?

You can connect to a specific bucket by specifying it in the Path setting in the bookmark. Do not alter the default hostname s3.amazonaws.com. The above URL is from the S3 console web application from AWS and not a valid S3 API URL.

d784be0 commented

Update: I was able to get it to work using the default server address, thank you again for that. The issue seems to have been in the object access statement, I was using s3:List* instead of spelling out the action, which apparently does not work, I'm including the policy that works for reference and will close this ticket.
{
"Version": "2012-10-17",
"Id": "bucketPermissions",
"Statement": [
{
"Sid": "ListBucket",
"Effect": "Allow",
"Action": "s3:ListBucket",
"Resource": [
"arn:aws:s3:::mybucket"
]
},
{
"Sid": "ObjectAccess",
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:GetObjectVersion",
"s3:GetObjectAcl",
"s3:ListBucket",
"s3:DeleteObject"
],
"Resource": "arn:aws:s3:::mybucket/*"
}
]
}