New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
S3 restricted folder access denied permissions #6952
Comments
Not exactly sure without testing why the above policy doesn't work but you could simplify it by narrowing down the
|
Not sure why this was closed, as this issue persists. For various security reasons, I need to give users permission to list only specific directories. This can't be accomplished by narrowing the |
Replying to [comment:3 max@…]:
Can you elaborate what you mean by list the entire bucket. We list all buckets if no default path has been set in the bookmark or list the default bookmark path otherwise on login. |
Here's what my policy looks like:
The first statement allows bucket actions on Using CyberDuck, I click "Open Connection", enter my Access Key ID and Secret Access Key, and in "More Options", enter the path to the directory:
My best guess is that CyberDuck attempts to list the entire bucket (as opposed to the one directory) and fails (since listing is restricted to using that prefix). |
Please post the transcript from the log drawer (⌘-L). |
I have been playing with the IAM permissions forever now and read everything I possibly can.
I am starting to wonder if it is something to do with Cyberduck possibly from what I read on another S3 browser software site, which is OK. But I just need to verify what's going on, and any help is sooo much appreciated.
I get the following error when trying to create a folder or upload a file:
I have the the path when I login to S3 set to:
/bucket/site/wp-content/themes/
That works and I get a listing of all folders and file in there. But when I try to upload or download anything in there I get the error above.
Here is my current IAM permissions:
Please any help fixing the permissions or letting me know it's a known issue when trying to only give access to a specific location with Cyberduck would help.
I just want to let these users in this IAM group have access to download/upload/delete files in the following location only:
/bucket/site/wp-content/themes/*
Thank you again everyone for taking the time to read this. :)
The text was updated successfully, but these errors were encountered: