Cyberduck Mountain Duck CLI

#9063 closed defect (duplicate)

Error Deleting File from S3 bucket when using restricted access IAM user

Reported by: jjspierx Owned by: jjspierx
Priority: normal Milestone: 4.7.3
Component: s3 Version: 4.7.2
Severity: normal Keywords: S3, Delete, Failed
Cc:, Architecture: Intel
Platform: Windows 7


The error is: "Upload FileName failed. Access Denied, Please contact your web hosting service provider for assistance."

It is odd that the error is Upload failed, while I am attempting to delete a file from S3. If I hit refresh after receiving the error, the file is gone, so the file delete operation is successful, and the error is occuring after the delete.

This error does not occur when using an IAM user with full S3 access. The error only happens using IAM users that are restricted to a particular bucket. I have an IAM policy set up to allow GET/PUT/DELETE object access to a specific bucket, and the error only occurs when logged into S3 via Cyberduck using a user with that IAM policy. Looking at the Log Drawer below, it looks like the first request to S3 is a DELETE, which appears to work just fine. After the delete, a GET is requested which receives a 403 forbidden response.

DELETE /McCarthy%20CEO.pdf HTTP/1.1
Date: Tue, 20 Oct 2015 12:47:14 GMT
Authorization: AWS redacted:redacted
Connection: Keep-Alive
User-Agent: Cyberduck/ (Windows 7/6.1) (x86)
HTTP/1.1 204 No Content
x-amz-id-2: redacted
x-amz-request-id: A6174417D5AB8F2E
Date: Tue, 20 Oct 2015 12:47:09 GMT
Server: AmazonS3
GET /?prefix=McCarthy%20CEO.pdf&uploads HTTP/1.1
Date: Tue, 20 Oct 2015 12:47:14 GMT
x-amz-request-payer: requester
Authorization: AWS redacted
Connection: Keep-Alive
User-Agent: Cyberduck/ (Windows 7/6.1) (x86)
HTTP/1.1 403 Forbidden
x-amz-request-id: 8DC431F02DCA5DA7
x-amz-id-2: A1nyJ2AF47eDRWzNr0lCWTL3+tPhO8twodaP/KztJL/0e4BIpXjiemsp/TFit6st/pqshMKe4ko=
Content-Type: application/xml
Transfer-Encoding: chunked
Date: Tue, 20 Oct 2015 12:47:07 GMT

Change History (1)

comment:1 Changed on Oct 20, 2015 at 1:33:01 PM by dkocher

  • Milestone set to 4.7.3
  • Resolution set to duplicate
  • Status changed from new to closed

Duplicate for #9000.

Note: See TracTickets for help on using tickets.