CreateMultipartUpload operation - AWS policy items needed?

21,261

Solution 1

"s3:PutObject" handles the CreateMultipartUpload operation, so I guess there is nothing like "s3:CreateMultipartUpload".

The thing you have to change is your S3 bucket ARN: also add "Resource": "arn:aws:s3:::mybucket"

Final policy:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListAllMyBuckets"
            ],
            "Resource": "arn:aws:s3:::*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket",
                "s3:GetBucketLocation"
            ],
            "Resource": "arn:aws:s3:::mybucket"
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:DeleteObject",
                "s3:AbortMultipartUpload",
                "s3:ListMultipartUploadParts",
                "s3:ListBucketMultipartUploads"
            ],
            "Resource": [
                "arn:aws:s3:::mybucket",
                "arn:aws:s3:::mybucket/*"
            ]
        }
    ]
}
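
The check below is an added example, not part of the original answer. It flags the two things in the question's policy that Solution 1 changes: an action name missing from the table of real S3 actions, and a bucket-level action granted only on the object ARN. `ACTION_TARGET`, `arn_kinds` and `lint_policy` are hypothetical names, the table covers only the actions on this page, and wildcard action names are not expanded.

```python
# Resource type each S3 IAM action is evaluated against (assumed subset).
ACTION_TARGET = {
    "s3:ListAllMyBuckets": "any",
    "s3:ListBucket": "bucket",
    "s3:GetBucketLocation": "bucket",
    "s3:ListBucketMultipartUploads": "bucket",
    "s3:PutObject": "object",  # also authorizes CreateMultipartUpload
    "s3:GetObject": "object",
    "s3:DeleteObject": "object",
    "s3:AbortMultipartUpload": "object",
    "s3:ListMultipartUploadParts": "object",
}
PREFIX = "arn:aws:s3:::"

def as_list(value):
    return value if isinstance(value, list) else [value]

def arn_kinds(arn):
    """Resource types ('bucket', 'object') an ARN pattern can match."""
    if arn == "*":
        return {"bucket", "object"}
    if not arn.startswith(PREFIX):
        return set()
    rest = arn[len(PREFIX):]
    if "/" in rest:
        return {"object"}
    # IAM's '*' also matches '/', so a wildcard bucket name covers objects.
    return {"bucket", "object"} if "*" in rest else {"bucket"}

def lint_policy(policy):
    """Return (statement index, action, problem) for each Allow mismatch."""
    findings = []
    for i, stmt in enumerate(as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        arns = as_list(stmt.get("Resource", []))
        kinds = set().union(*(arn_kinds(a) for a in arns))
        for action in as_list(stmt.get("Action", [])):
            target = ACTION_TARGET.get(action)
            if target is None:
                findings.append((i, action, "unknown action name"))
            elif target != "any" and target not in kinds:
                findings.append((i, action, f"needs a {target} ARN"))
    return findings

# Object statement from the question on this page, cut to three actions.
QUESTION = {"Statement": [{"Effect": "Allow", "Action": [
    "s3:PutObject", "s3:CreateMultipartUpload",
    "s3:ListBucketMultipartUploads"], "Resource": "arn:aws:s3:::mybucket/*"}]}
print(lint_policy(QUESTION))
```
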

Solution 2

If it's cross-account access, check it is not related to ACL headers as mentioned here: https://stackoverflow.com/a/34055538/1736679 (more info in this issue thread: https://github.com/aws/aws-cli/issues/1674)

Also double check the environment / user from which you are running to see if there are no overriding keys (AWS_ACCESS_KEY, etc) in /etc/environment or ~/.aws/credentials.

Author by

Admin

Updated on July 22, 2022

Comments

  • Admin
    Admin almost 2 years

    I'm doing multipart upload via AWS CLI console but getting this error:

    A client error (AccessDenied) occurred when calling the CreateMultipartUpload operation: Access Denied
    

    Below is my policy, am I missing something in there?

    Thanks.

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "s3:ListAllMyBuckets"
                ],
                "Resource": "arn:aws:s3:::*"
            },
            {
                "Effect": "Allow",
                "Action": [
                    "s3:ListBucket",
                    "s3:GetBucketLocation"
                ],
                "Resource": "arn:aws:s3:::mybucket"
            },
            {
                "Effect": "Allow",
                "Action": [
                    "s3:PutObject",
                    "s3:GetObject",
                    "s3:DeleteObject",
                    "s3:CreateMultipartUpload",
                    "s3:AbortMultipartUpload",
                    "s3:ListMultipartUploadParts",
                    "s3:ListBucketMultipartUploads"
                ],
                "Resource": "arn:aws:s3:::mybucket/*"
            }
        ]
    }
    
    • Frederic Henri
      Frederic Henri about 8 years
      Can you give the full command you use to upload to S3?
  • init_js
    init_js over 5 years
    You are using the "Resource" key twice in your last block. last two lines. Not sure which one it's supposed to be.
  • s27840
    s27840 over 5 years
    You need both. One is for the bucket itself, one is for objects in the bucket (ending /*). Resource should be an array [] with both in.
  • Putnik
    Putnik about 5 years
    Use an array of resources like "Resource":["arn1","arn2"]