python, python-3.x, boto3

List bucket files in S3 files permission denied. But upload works


I'm making a simple script in Python to upload and list the files in an S3 bucket. The problem is that I can upload the files, but I receive a Permission Denied error when I try to list the files.

This is the policy:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:*",
                "s3-object-lambda:*"
            ],
            "Resource": "arn:aws:s3:::notes-sync-test/*"
        }
    ]
}

This is the code:

import boto3

s3 = boto3.resource(
    service_name='s3',
    region_name='us-east-1',
    aws_access_key_id='XXX',
    aws_secret_access_key='ZZZZ'
)

bucket_name = "notes-sync-test"
bucket = s3.Bucket(bucket_name)

# Works - Upload a new file (the with block closes the file handle afterwards)
with open('test.pdf', 'rb') as data:
    s3.Bucket(bucket_name).put_object(Key='test.pdf', Body=data)

# Fail - List objects
for my_bucket_object in bucket.objects.all():
    print(my_bucket_object.key)

Any idea why I can upload but not see the files?

Thanks!

Edit:

If I configure the policy like this, it works for both listObjects and PutObject, but I think it's weird:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:*",
                "s3-object-lambda:*"
            ],
            "Resource": "arn:aws:s3:::notes-sync-test/*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:*",
                "s3-object-lambda:*"
            ],
            "Resource": "arn:aws:s3:::notes-sync-test"
        }
    ]
}

Solution

  • You have granted permission to execute commands on objects within the S3 bucket, but you have not authorized any actions on the bucket itself.

    Can you update your policy like below?

        {
            "Version": "2012-10-17",
            "Statement": [
                {
                    "Effect": "Allow",
                    "Action": [
                        "s3:*",
                        "s3-object-lambda:*"
                    ],
                    "Resource": [
                        "arn:aws:s3:::notes-sync-test",
                        "arn:aws:s3:::notes-sync-test/*"
                    ]
                }
            ]
        }
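The bucket-versus-object distinction from the answer above, as an added example that is not code from the thread: listing is authorized as `s3:ListBucket` on the bucket ARN, while an upload is authorized as `s3:PutObject` on the object ARN. The evaluator is a deliberately simplified assumption (Allow statements only; no Deny, Condition or other policy types), and the `SCOPED` policy is an added narrower variant that grants only what the script uses.

```python
import re

def _glob(pattern, value, ignore_case=False):
    """IAM-style wildcard match: '*' is any run of characters, '?' is exactly one."""
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(rx, value, re.I | re.S if ignore_case else re.S) is not None

def _as_list(x):
    return x if isinstance(x, list) else [x]

def is_allowed(policy, action, resource):
    """Simplified check: True if any Allow statement matches both action and resource.
    Ignores Deny, Condition, NotAction/NotResource and every other policy type."""
    for st in _as_list(policy["Statement"]):
        if st.get("Effect") != "Allow":
            continue
        if any(_glob(a, action, ignore_case=True) for a in _as_list(st["Action"])) and \
           any(_glob(r, resource) for r in _as_list(st["Resource"])):
            return True
    return False

BUCKET = "arn:aws:s3:::notes-sync-test"

# The action and resource each boto3 call in the question is authorized as.
REQUESTS = {
    "put_object(Key='test.pdf')": ("s3:PutObject", BUCKET + "/test.pdf"),
    "bucket.objects.all()": ("s3:ListBucket", BUCKET),
}

def statement(actions, resources):
    return {"Effect": "Allow", "Action": actions, "Resource": resources}

def policy(*statements):
    return {"Version": "2012-10-17", "Statement": list(statements)}

ORIGINAL = policy(statement(["s3:*", "s3-object-lambda:*"], BUCKET + "/*"))
FIXED = policy(statement(["s3:*", "s3-object-lambda:*"], [BUCKET, BUCKET + "/*"]))
# Narrower variant (added here, not from the thread): only what the script needs.
SCOPED = policy(statement("s3:ListBucket", BUCKET),
                statement("s3:PutObject", BUCKET + "/*"))

def evaluate(pol):
    """Map each call from the question to whether the policy allows it."""
    return {call: is_allowed(pol, act, res) for call, (act, res) in REQUESTS.items()}

if __name__ == "__main__":
    for name, pol in [("original", ORIGINAL), ("fixed", FIXED), ("scoped", SCOPED)]:
        print(name, evaluate(pol))
```

The original policy fails the listing check because the pattern `notes-sync-test/*` requires a `/` that the bare bucket ARN does not contain, so `s3:*` never gets a chance to apply to it.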