AWS S3 CLI ACL public-read gives me 403 with sync command

I cannot figure out why I am getting a 403 resolved error when I view the page. I am using AWS CLI with the following command:

aws s3 sync [source] [s3 destination] --acl public-read --recursive --delete --profile [my_profile]

      

In IAM, my policy is:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["s3:ListBucket"],
      "Resource": ["bucket_location"]
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:PutObjectAcl",
        "s3:GetObject",
        "s3:DeleteObject"
      ],
      "Resource": ["bucket_location"]
    }
  ]
}

      

The paths are correct as they are uploading files, but they seem to ignore the --acl public-read option. When I use the cp command it looks like it works fine. I just like to use sync to use the --delete option to clean up. Any ideas?

+3




2 answers


In your second policy statement (with PutObject, ...), be sure to include the wildcard for your object names:

"Resource" : [ "bucket_name/*" ]

      



Did you know you can test your policies using the online Policy Simulator tool?

+2
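
The resource mismatch this answer points out can be checked offline before a policy is attached. The following is an added example, not code from the original post or from AWS; the function names, the `example-bucket` name and the short action lists are assumptions made for illustration.

```python
# Partial classification covering only the actions named on this page.
BUCKET_ACTIONS = {"s3:ListBucket", "s3:PutBucketAcl"}
OBJECT_ACTIONS = {"s3:PutObject", "s3:PutObjectAcl", "s3:GetObject", "s3:DeleteObject"}

def as_list(value):
    """IAM accepts a single value or a list for Statement, Action and Resource."""
    return [value] if isinstance(value, (str, dict)) else list(value)

def scope(arn):
    """Which kinds of S3 resource an ARN pattern can match ('?' wildcards ignored)."""
    resource = arn.split(":", 5)[-1]          # text after arn:aws:s3:::
    bucket, slash, _key = resource.partition("/")
    if slash:
        return {"object"}                     # bucket/key patterns match objects only
    return {"bucket", "object"} if "*" in bucket else {"bucket"}

def lint_policy(policy):
    """Return (statement index, action, hint) for each action no Resource can satisfy."""
    findings = []
    for index, stmt in enumerate(as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        scopes = set()
        for arn in as_list(stmt.get("Resource", [])):
            scopes |= scope(arn)
        for action in as_list(stmt.get("Action", [])):
            if action in OBJECT_ACTIONS and "object" not in scopes:
                findings.append((index, action, "add an object ARN such as <bucket>/*"))
            elif action in BUCKET_ACTIONS and "bucket" not in scopes:
                findings.append((index, action, "add the bucket ARN without /*"))
    return findings

def build_policy(object_resource):
    """Constructed policy in the question's layout, with a placeholder bucket name."""
    bucket = "arn:aws:s3:::example-bucket"
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": ["s3:ListBucket"], "Resource": [bucket]},
        {"Effect": "Allow", "Action": sorted(OBJECT_ACTIONS), "Resource": [object_resource]},
    ]}

if __name__ == "__main__":
    for label, resource in [("as posted", "arn:aws:s3:::example-bucket"),
                            ("with wildcard", "arn:aws:s3:::example-bucket/*")]:
        print(label, lint_policy(build_policy(resource)))
```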




Well, here's what I found through the policy simulator proposed by @sebsto: I need both PutObjectAcl and PutBucketAcl. Synchronization is now working.



+1








