Question

I'm trying this policy through console.aws.amazon.com on my buckets:

    {
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "s3:ListBucket",
            "s3:GetBucketLocation",
            "s3:ListBucketMultipartUploads"
          ],
          "Resource": "arn:aws:s3:::itnighq",
          "Condition": {}
        },
        {
          "Effect": "Allow",
          "Action": [
            "s3:AbortMultipartUpload",
            "s3:DeleteObject",
            "s3:DeleteObjectVersion",
            "s3:GetObject",
            "s3:GetObjectAcl",
            "s3:GetObjectVersion",
            "s3:GetObjectVersionAcl",
            "s3:PutObject",
            "s3:PutObjectAcl",
            "s3:PutObjectAclVersion"
          ],
          "Resource": "arn:aws:s3:::itnighq/*",
          "Condition": {}
        },
        {
          "Effect": "Allow",
          "Action": "s3:ListAllMyBuckets",
          "Resource": "*",
          "Condition": {}
        }
      ]
    }

But I'm getting this error message: Policy has invalid action - s3:ListAllMyBuckets. It doesn't seem to like "Resource": "*". I've also tried to use **arn:aws:s3:::****, but it doesn't work either.

Does anyone have a clue?


Solution 2

I figured it out myself. It needs to be done in the IAM, not in S3 itself...

OTHER TIPS

As zdev mentioned, you need to do this for the IAM. Go to the IAM console and navigate to Users > Permissions > Inline policies > Create > Custom, and enter this:

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "s3:ListAllMyBuckets"
                ],
                "Resource": [
                    "arn:aws:s3:::*"
                ]
            }
        ]
    }

@dnlbrky You need to do this by setting the policy for the IAM user/group/role, either by using the AWS console for the IAM user/group or by calling the put_[role/user/group]_policy boto API call.

For anyone getting the same issue:

S3 bucket policy actions are different from IAM policy actions. You can refer to the S3 actions at https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html.

Or try with the following actions

    "Action": [
        "s3:DeleteObject",
        "s3:GetObject",
        "s3:PutObject"
    ],

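Added example, not part of the original question or answers: a simplified pre-check that reports why a document written as an IAM identity policy does not fit as a bucket policy. The function name, the finding strings and the one-entry action set are assumptions made for this example, and the checks are a subset of what AWS validates.

```python
import json

# Account-level S3 actions. Only the one from this page is listed; the set is
# an assumption for the example and is not exhaustive.
ACCOUNT_LEVEL_ACTIONS = {"s3:listallmybuckets"}

# Shortened copy of the question's policy (constructed sample input).
QUESTION_POLICY = json.loads("""
{"Statement": [
  {"Effect": "Allow", "Action": ["s3:ListBucket", "s3:GetBucketLocation"],
   "Resource": "arn:aws:s3:::itnighq"},
  {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"],
   "Resource": "arn:aws:s3:::itnighq/*"},
  {"Effect": "Allow", "Action": "s3:ListAllMyBuckets", "Resource": "*"}
]}
""")


def as_list(value):
    """Policy fields may hold one item or a list of items."""
    if value is None:
        return []
    return list(value) if isinstance(value, list) else [value]


def lint_bucket_policy(policy, bucket):
    """Return (statement index, problem) pairs for a would-be bucket policy."""
    bucket_arn = f"arn:aws:s3:::{bucket}"
    findings = []
    for i, stmt in enumerate(as_list(policy.get("Statement"))):
        # A resource-based policy must say who the statement applies to.
        if "Principal" not in stmt and "NotPrincipal" not in stmt:
            findings.append((i, "missing Principal"))
        # Account-level actions do not apply to a single bucket.
        for action in as_list(stmt.get("Action")):
            if action.lower() in ACCOUNT_LEVEL_ACTIONS:
                findings.append((i, f"account-level action {action}"))
        # A bucket policy can only name its own bucket or objects in it.
        for res in as_list(stmt.get("Resource")):
            if res != bucket_arn and not res.startswith(bucket_arn + "/"):
                findings.append((i, f"resource outside bucket: {res}"))
    return findings


if __name__ == "__main__":
    for index, problem in lint_bucket_policy(QUESTION_POLICY, "itnighq"):
        print(f"Statement[{index}]: {problem}")
```

Any statement it flags belongs in an identity policy on the IAM user, group or role, which is also the narrower place to grant it.
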
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow