Cannot list in bucket on S3. :: Support Forum

khashi Guest

Cannot list in bucket on S3.

2019-12-17 00:46

Cannot list in bucket on S3.
There is no problem with cloudberry and awscli.
WinSCP　5.15.5 , 5.15.9 , 5.16.4 on Windows10 64bit

Symptom is the same as the following URL?
https://winscp.net/forum/viewtopic.php?t=27151

s3://bucket-name/userA/
s3://bucket-name/userB/

top list : ok
direct target userA : ok
click bucket-name on left pain : ng

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListAllMyBuckets"
            ],
            "Resource": "arn:aws:s3:::*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket",
                "s3:GetBucketLocation"
            ],
            "Resource": [
                "arn:aws:s3:::bucket-name"
            ],
            "Condition": {

                "StringLike": {
                    "s3:prefix": [
                        "",
                        "${aws:username}/",
                        "${aws:username}/*"
                    ]
                },                }
            }
        }
    ]
}

winscp log
. 2019-12-16 15:50:13.854 403 Forbidden
. 2019-12-16 15:50:13.854 Access Denied
. 2019-12-16 15:50:13.854 追加の詳細: RequestId: XXXXXXXXXXXXXXXXX, HostId: *****************************
< 2019-12-16 15:50:13.854 <?xml version="1.0" encoding="UTF-8"?>
< 2019-12-16 15:50:13.854 <Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>XXXXXXXXXXXXXXXXX</RequestId><HostId>*****************************</HostId></Error>
. 2019-12-16 15:50:13.854 Running destroy hooks.
. 2019-12-16 15:50:13.854 Request ends.
. 2019-12-16 15:50:13.854 sess: Destroying session.
* 2019-12-16 15:50:13.854 (ECommand) ディレクトリ '/bucket-name' への移動のエラー。
* 2019-12-16 15:50:13.854 アクセスが拒否されました
* 2019-12-16 15:50:13.854 Access Denied
* 2019-12-16 15:50:13.854 追加の詳細: RequestId: XXXXXXXXXXXXXXXXX, HostId: *****************************

s3 log
GET /?delimiter=%2F&max-keys=1 HTTP/1.1" 403 AccessDenied 243 - 13 - "-" "WinSCP/5.16.4 neon/0.30.2" - *********************************** SigV4 ECDHE-RSA-AES128-GCM-SHA256 AuthHeader bucket-name.s3.amazonaws.com TLSv1.2

Reply with quote