Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Versioning request causes S3 Upload to break for IAM "upload only" account #8801

Closed
cyberduck opened this issue May 4, 2015 · 5 comments
Closed

Versioning request causes S3 Upload to break for IAM "upload only" account #8801

cyberduck opened this issue May 4, 2015 · 5 comments
Assignees
@dkocher
Labels
bug s3 AWS S3 Protocol Implementation worksforme
Milestone
4.7.1

Comments

@cyberduck
Copy link
Collaborator

2f61c0e created the issue

I have an IAM account configured with only List (ListAllMyBuckets, GetBucketLocation, ListBucket) and PutObject permissions. I want to have an account that just permits uploads.

When I try using Cyberduck, I get an 'access denied' error. I am able to use the account with S3Fox (a firefox plugin) to upload files, so I don't think it's a permissions issue.

I suspect this is because Cyberduck makes a request to '/?versioning' before starting the upload. Is there any way to disable that request (since we don't have versioning enabled?) ...or to assume that versioning is disabled if the request to '/?versioning' returns a "403 Forbidden"?

Attachments
@cyberduck
Copy link
Collaborator Author

@dkocher commented

Please post the transcript from the log drawer of the Transfers window. Choose ⌘-L on Mac or right-click the toolbar from the Transfers window and choose Log on Windows

@cyberduck
Copy link
Collaborator Author

@dkocher commented

We should handle missing permissions to read versioning status just fine and assume no versioning support since 88fbfd2.

@cyberduck
Copy link
Collaborator Author

2f61c0e commented

Hi, thanks for your response. I have attached the Debug log since the Log Drawer doesn't show anything when I attempt to upload a file. I assumed the problem was the 403 error I'm receiving on line 837, but there's a good chance I'm mistaken :)

Any other advice you could suggest on how to track down what the issue is would be appreciated

@cyberduck
Copy link
Collaborator Author

@dkocher commented

This log output shows that the actual PUT request is failing with a 403 response.

1546	2015-05-04 15:35:43,817 (http-1) DEBUG org.apache.http.headers - http-outgoing-3 >> PUT /event_footage_raw%2Ftest_eventx%2Fmvi_short2.mp4 HTTP/1.1
1547	2015-05-04 15:35:43,817 (http-1) DEBUG org.apache.http.headers - http-outgoing-3 >> Date: Mon, 04 May 2015 19:35:43 GMT
1548	2015-05-04 15:35:43,817 (http-1) DEBUG org.apache.http.headers - http-outgoing-3 >> Expect: 100-continue
1549	2015-05-04 15:35:43,817 (http-1) DEBUG org.apache.http.headers - http-outgoing-3 >> Content-Type: video/mp4
1550	2015-05-04 15:35:43,817 (http-1) DEBUG org.apache.http.headers - http-outgoing-3 >> Authorization: AWS AKIAI6OEDVHQYINV54IQ:Z2QDsouraIdcRwl+aStDAT6L524=
1551	2015-05-04 15:35:43,817 (http-1) DEBUG org.apache.http.headers - http-outgoing-3 >> Content-Length: 226589547
1552	2015-05-04 15:35:43,817 (http-1) DEBUG org.apache.http.headers - http-outgoing-3 >> Host: connectsports-video.s3.amazonaws.com:443
1553	2015-05-04 15:35:43,817 (http-1) DEBUG org.apache.http.headers - http-outgoing-3 >> Connection: Keep-Alive
1554	2015-05-04 15:35:43,817 (http-1) DEBUG org.apache.http.headers - http-outgoing-3 >> User-Agent: Cyberduck/4.7 (17432).17432 (Windows 8/6.2) (x86)
1555	2015-05-04 15:35:43,848 (http-1) DEBUG org.apache.http.headers - http-outgoing-3 << HTTP/1.1 403 Forbidden
1556	2015-05-04 15:35:43,848 (http-1) DEBUG org.apache.http.headers - http-outgoing-3 << x-amz-request-id: 3161D4A81554963E
1557	2015-05-04 15:35:43,848 (http-1) DEBUG org.apache.http.headers - http-outgoing-3 << x-amz-id-2: ect2tNigGBhzmCWsovTh25UKFzJYWzveSjE+Z0RgLr7JxyAPz1DhqpRA3IEsMYGG
1558	2015-05-04 15:35:43,848 (http-1) DEBUG org.apache.http.headers - http-outgoing-3 << Content-Type: application/xml
1559	2015-05-04 15:35:43,848 (http-1) DEBUG org.apache.http.headers - http-outgoing-3 << Transfer-Encoding: chunked
1560	2015-05-04 15:35:43,848 (http-1) DEBUG org.apache.http.headers - http-outgoing-3 << Date: Mon, 04 May 2015 19:35:40 GMT
1561	2015-05-04 15:35:43,848 (http-1) DEBUG org.apache.http.headers - http-outgoing-3 << Connection: close
1562	2015-05-04 15:35:43,848 (http-1) DEBUG org.apache.http.headers - http-outgoing-3 << Server: AmazonS3

@cyberduck
Copy link
Collaborator Author

@dkocher commented

Please verify your policy with IAM Policy Simulator.

@iterate-ch iterate-ch locked as resolved and limited conversation to collaborators Nov 26, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@dkocher dkocher

Labels
bug s3 AWS S3 Protocol Implementation worksforme
Projects
None yet
Milestone
4.7.1
Development

No branches or pull requests
2 participants
@dkocher @cyberduck