amazon web services - Root user is denied downloading from s3 bucket -


using s3cmd after configuring root privileges (access key , secret key), whenever try download bucket using sync or get , receive strange error of permission root account:

warning: remote file  s3error: 403 (forbidden):

the owner user have made using iam console, correct expect root user should full , unrestricted access? using aws-cli unknown error

a client error (unknown) occurred when calling getobject operation: unknown

also thought had add bucket policy allow root access (as strange sounds), first step added annonymous access policy

{     "version": "2012-10-17",     "statement": [         {             "effect": "allow",             "principal": "*",             "action": [                 "s3:getobject"             ],             "resource": [                 "arn:aws:s3:::mybucket/*"             ]         }     ] }

but still errors same above. owner of bucket root user (the 1 trying access same owner). understanding wrong here? how can restore root user's access own bucket made 1 of own iam users?

for of s3 read permissions work, need not allow objects allow listbucket on bucket(s), listallmybuckets , getbucketlocation, consolidated version:

{ "version": "2012-10-17", "statement": [     {         "effect": "allow",         "action": "s3:listallmybuckets",         "resource": "arn:aws:s3:::*"     },     {         "effect": "allow",         "principal": "*",         "action": [             "s3:get*",             "s3:list*"         ],         "resource": [             "arn:aws:s3:::mybucket/*",             "arn:aws:s3:::mybucket"         ]     } ] }

see more examples @ aws iam documentation


Comments

Post a Comment

Popular posts from this blog

jquery - How do you format the date used in the popover widget title of FullCalendar? -

Image
in fullcalendar, how format date used in popover widget title when clicking '+n more'? code: <div class="fc-popover fc-more-popover"> <div class="fc-header fc-widget-header"> <span class="fc-close fc-icon fc-icon-x"></span> <span class="fc-title">tuesday, april 7</span> ... </div> ... </div> you use daypopoverformat that. determines date format of title of popover created eventlimitclick option. must date formatting string. default value "dddd, mmmm d" english , "ll" other languages.
Read more

Bubble Sort Manually a Linked List in Java -

Image
this first question here. trying manually sort linked list of integers in java , can not figure out wrong code. suggestions? don't error, still have output unordered. tried few different ways, nothing worked. appreciate if can me that. public class node { int data; node nextnode; public node(int data) { this.data = data; this.nextnode = null; } public int getdata() { return this.data; } } // node class public class datalinkedlist implements datainterface { private node head; private int size; public datalinkedlist(){ this.head = null; this.size = 0; } public void add(int data) { node node = new node(data); if (head == null) { head = node; } else { node currentnode = head; while(currentnode.nextnode != null) { currentnode = currentnode.nextnode; } currentnode.nextnode = node; ...
Read more

asp.net mvc - SSO between MVCForum and Umbraco7 -

i need integrate sso between mvcforum (forum of company) , umbraco7 (manages cms company). however struggling shared authentication work. tried several ways suggested on other threads still not running expected. here did: 1. in mvcforum (forum.mywebsite.com) 1.1. machine key in web.xml: <machinekey validationkey="the same key umbraco7" decryptionkey="the same key umbraco7" validation="sha1" decryption="aes" /> 1.2. authenticate forms in web.xml <forms name="my-sso-auth" protection="all" path="/" timeout="43200" domain="forum.mywebsite.com" loginurl="/members/logon" enablecrossappredirects="true" /> 2. in umbraco7 (news.mywebsite.com) 2.1. machine key in web.xml: <machinekey validationkey="the same key mvcforum" decryptionkey="the same key mvcforum" validation="sha1" decryption="aes" /> 2.2. a...
Read more