Access denied copying files using S3 CLI
16,033
The format for specifying an s3 location is s3://bucket/key
so instead of s3://s3.amazonaws.com/my-bucket
you would use s3://my-bucket/
.
Related videos on Youtube
Author by
KevinD
Updated on September 18, 2022Comments
-
KevinD over 1 year
Attempting to pull down the contents of an S3 bucket using the AWS CLI, I'm getting the following:
aws s3 cp --region us-east-1 s3://s3.amazonaws.com/my-bucket . --recursive A client error (AccessDenied) occurred when calling the ListObjects operation: Access Denied Completed 1 part(s) with ... file(s) remaining
Using
aws s3 sync
similarly fails.The user policy is:
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "s3:*", "Resource": ["arn:aws:s3:::*"] } ] }
(I've tried various less restrictive policies too, but to no avail).
I've tried an empty bucket policy, and also this bucket policy:
{ "Id": "Policy1357935677554", "Statement": [ { "Sid": "Stmt1357935647218", "Action": [ "*" ], "Effect": "Allow", "Resource": "arn:aws:s3:::my-bucket", "Principal": { "AWS": [ "arn:aws:iam::XXXXXXXXXX:user/my-user" ] } }, { "Sid": "Stmt1357935676138", "Action": [ "*" ], "Effect": "Allow", "Resource": "arn:aws:s3:::my-bucket/*", "Principal": { "AWS": [ "arn:aws:iam::XXXXXXXXXX:user/my-user" ] } } ] }
Interestingly, this does work:
aws s3api list-objects --region us-east-1 --bucket my-bucket
-
KevinD about 9 yearsThanks, that worked! "Access denied" isn't the most obvious error for a malformed URL!
-
Chris about 8 years@KevinD to be clear the URL is not malformed, "s3.amazonaws.com" is a valid bucket name per naming conventions.