s3 Policy has invalid action - s3:ListAllMyBuckets

amazon-s3 policy bucket
23,882

Solution 1

I figured out myself. It needs to be done in the IAM, not in S3 itself...

Solution 2

As zdev mentioned, you need to do this for the IAM. Go to the IAM console and navigate to Users > Permissions > Inline policies > Create > Custom, and enter this:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListAllMyBuckets"
            ],
            "Resource": [
                "arn:aws:s3:::*"
            ]
        }
    ]
}

Solution 3

@dnlbrky You need to do this by setting the policy on for the IAM user/group/role and set it by either using the AWS console for the IAM user/group or by calling put_[role/user/group]_policy boto API call.

Solution 4

Anyone getting same issue:

S3 bucket Policy Actions are different from IAM policy actions. Can reference to s3 actions from https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html.

Or try with the following actions

"Action": [
        "s3:DeleteObject",
        "s3:GetObject",
        "s3:PutObject"
      ],
Share:
23,882
zdev
Author by

zdev

Updated on July 09, 2022

Comments

  • zdev
    zdev almost 2 years

    I'm trying these policy through console.aws.amazon.com on my buckets:

    
    {
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "s3:ListBucket",
            "s3:GetBucketLocation",
            "s3:ListBucketMultipartUploads"
          ],
          "Resource": "arn:aws:s3:::itnighq",
          "Condition": {}
        },
        {
          "Effect": "Allow",
          "Action": [
            "s3:AbortMultipartUpload",
            "s3:DeleteObject",
            "s3:DeleteObjectVersion",
            "s3:GetObject",
            "s3:GetObjectAcl",
            "s3:GetObjectVersion",
            "s3:GetObjectVersionAcl",
            "s3:PutObject",
            "s3:PutObjectAcl",
            "s3:PutObjectAclVersion"
          ],
          "Resource": "arn:aws:s3:::itnighq/*",
          "Condition": {}
        },
        {
          "Effect": "Allow",
          "Action": "s3:ListAllMyBuckets",
          "Resource": "*",
          "Condition": {}
        }
      ]
    }

    But I'm getting this error message: Policy has invalid action - s3:ListAllMyBuckets It doesn't seem to like "Resource": "*" , I've also tried to use **arn:aws:s3:::****, but it doesn't work either.

    Anyone has any clue?

  • dnlbrky
    dnlbrky over 9 years
    Could you please describe the steps for how to apply this policy in IAM?
  • zPrima
    zPrima about 8 years
    This policy contains the following error: The following Statement Ids are invalid: "Allow user to list all S3 buckets"
  • z0r
    z0r about 8 years
    @zPrima thanks, looks like the Sid field is optional anyway. I've removed it.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

How can I make a S3 bucket public (the amazon example policy doesn't work)?
Is there an S3 policy for limiting access to only see/access one bucket?
Access denied when put bucket policy on aws s3 bucket with root user (= bucket owner)
AWS S3 deny all access except for 1 user - bucket policy
List files on S3
Change user ownership of s3fs mounted buckets
AWS S3 Bucket with Multiple Regions
How to fix AccessDenied calling CopyObject
Find S3 Bucket Owner
Amazon S3 is not serving files correctly