Cannot list in bucket on S3.

Advertisement

khashi
Guest

Cannot list in bucket on S3.

Cannot list in bucket on S3.
There is no problem with cloudberry and awscli.
WinSCP 5.15.5 , 5.15.9 , 5.16.4 on Windows10 64bit

Symptom is the same as the following URL?
https://winscp.net/forum/viewtopic.php?t=27151

s3://bucket-name/userA/
s3://bucket-name/userB/

top list : ok
direct target userA : ok
click bucket-name on left pain : ng

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListAllMyBuckets"
            ],
            "Resource": "arn:aws:s3:::*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket",
                "s3:GetBucketLocation"
            ],
            "Resource": [
                "arn:aws:s3:::bucket-name"
            ],
            "Condition": {

                "StringLike": {
                    "s3:prefix": [
                        "",
                        "${aws:username}/",
                        "${aws:username}/*"
                    ]
                },                }
            }
        }
    ]
}

winscp log
. 2019-12-16 15:50:13.854 403 Forbidden
. 2019-12-16 15:50:13.854 Access Denied
. 2019-12-16 15:50:13.854 追加の詳細: RequestId: XXXXXXXXXXXXXXXXX, HostId: *****************************
< 2019-12-16 15:50:13.854 <?xml version="1.0" encoding="UTF-8"?>
< 2019-12-16 15:50:13.854 <Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>XXXXXXXXXXXXXXXXX</RequestId><HostId>*****************************</HostId></Error>
. 2019-12-16 15:50:13.854 Running destroy hooks.
. 2019-12-16 15:50:13.854 Request ends.
. 2019-12-16 15:50:13.854 sess: Destroying session.
* 2019-12-16 15:50:13.854 (ECommand) ディレクトリ '/bucket-name' への移動のエラー。
* 2019-12-16 15:50:13.854 アクセスが拒否されました
* 2019-12-16 15:50:13.854 Access Denied
* 2019-12-16 15:50:13.854 追加の詳細: RequestId: XXXXXXXXXXXXXXXXX, HostId: *****************************

s3 log
GET /?delimiter=%2F&max-keys=1 HTTP/1.1" 403 AccessDenied 243 - 13 - "-" "WinSCP/5.16.4 neon/0.30.2" - *********************************** SigV4 ECDHE-RSA-AES128-GCM-SHA256 AuthHeader bucket-name.s3.amazonaws.com TLSv1.2

Reply with quote

Advertisement

martin
Site Admin
martin avatar
Joined:
Posts:
32,391
Location:
Prague, Czechia

Re: Cannot list in bucket on S3.

Can you attach a full WinSCP session log file, as well as a log from another client, in which it works?

Reply with quote

Advertisement

You can post new topics in this forum