amazon web services - S3 IAM policy works in simulator, but not in real life


I have a client who wants to be able to upload files, but not navigate freely around an S3 bucket. I’ve created them an IAM user account, and applied the following policy:

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "Stmt1416387009000",
                "Effect": "Allow",
                "Action": [
                    "s3:ListAllMyBuckets"
                ],
                "Resource": [
                    "arn:aws:s3:::*"
                ]
            },
            {
                "Sid": "Stmt1416387127000",
                "Effect": "Allow",
                "Action": [
                    "s3:ListBucket"
                ],
                "Resource": [
                    "arn:aws:s3:::progress"
                ]
            },
            {
                "Sid": "Stmt1416387056000",
                "Effect": "Allow",
                "Action": [
                    "s3:AbortMultipartUpload",
                    "s3:PutObject"
                ],
                "Resource": [
                    "arn:aws:s3:::progress/*"
                ]
            }
        ]
    }

There are 3 statements:

  1. The ability to list buckets (otherwise they can’t see anything in the S3 console when they log in)
  2. The ability to list the contents of the progress bucket
  3. The ability to put objects in the progress bucket

The user can log in to the AWS console with their username and password (and the custom account URL, i.e. https://account.signin.aws.amazon.com/console). They can go to the S3 section of the console, and see the list of buckets. However, if they click on progress, they get the following error message:

Sorry! You were denied access to that.

I’ve checked in the IAM policy simulator whether the user has ListBucket permission on the bucket’s ARN (arn:aws:s3:::progress), and the policy simulator says the user should be allowed.

I’ve logged out and in again as the target user in case policies are refreshed on log out, but still no joy.

What have I done wrong? Have I missed something?

My guess is that when using the AWS console a call is made to get the bucket location before it can list the objects in the bucket, and the user doesn't have permission to make that call. You need to give the account access to GetBucketLocation. The relevant text from the documentation:

When you use the Amazon S3 console, note that when you click a bucket, the console first sends a GET Bucket location request to find the AWS region where the bucket is deployed. Then the console uses the region-specific endpoint for the bucket to send the GET Bucket (List Objects) request. As a result, if users are going to use the console, you must grant permission for the s3:GetBucketLocation action as shown in the following policy statement:

    {
        "Sid": "RequiredByS3Console",
        "Action": ["s3:GetBucketLocation"],
        "Effect": "Allow",
        "Resource": ["arn:aws:s3:::*"]
    }
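Added example (not code from the question or the answer): a simplified IAM evaluator in Python that replays the console's call sequence described above against the asker's policy, first as posted and then with the documented GetBucketLocation statement appended. It shows why checking a single action in the policy simulator is not enough. The object key report.csv and the reduced evaluation rules (no Conditions, NotAction/NotResource or bucket policies) are assumptions.

```python
import copy
import fnmatch

# The asker's policy from the question (Sids omitted), in IAM's documented casing.
ORIGINAL_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:ListAllMyBuckets"], "Resource": ["arn:aws:s3:::*"]},
        {"Effect": "Allow", "Action": ["s3:ListBucket"], "Resource": ["arn:aws:s3:::progress"]},
        {"Effect": "Allow", "Action": ["s3:AbortMultipartUpload", "s3:PutObject"],
         "Resource": ["arn:aws:s3:::progress/*"]},
    ],
}
# The statement the S3 documentation says the console requires.
CONSOLE_STATEMENT = {"Sid": "RequiredByS3Console", "Effect": "Allow",
                     "Action": ["s3:GetBucketLocation"], "Resource": ["arn:aws:s3:::*"]}
# Calls the console makes, in order, when the user opens the bucket and uploads a file.
# The object key report.csv is a constructed sample value.
CONSOLE_CALLS = [
    ("s3:ListAllMyBuckets", "arn:aws:s3:::*"),
    ("s3:GetBucketLocation", "arn:aws:s3:::progress"),
    ("s3:ListBucket", "arn:aws:s3:::progress"),
    ("s3:PutObject", "arn:aws:s3:::progress/report.csv"),
]

def is_allowed(policy, action, resource):
    """Simplified IAM evaluation: an explicit Deny wins, otherwise any matching Allow grants.
    Actions match case-insensitively, resource ARNs case-sensitively; '*' and '?' are wildcards.
    Conditions, NotAction/NotResource and bucket policies are not modelled (assumption)."""
    allowed = False
    for stmt in policy["Statement"]:
        action_hit = any(fnmatch.fnmatchcase(action.lower(), a.lower()) for a in stmt["Action"])
        resource_hit = any(fnmatch.fnmatchcase(resource, r) for r in stmt["Resource"])
        if action_hit and resource_hit:
            if stmt["Effect"] == "Deny":
                return False
            allowed = True
    return allowed

def denied_console_calls(policy):
    """Return the (action, resource) pairs in the console's call sequence the policy rejects."""
    return [(a, r) for a, r in CONSOLE_CALLS if not is_allowed(policy, a, r)]

def with_console_statement(policy):
    """Copy of the policy with the documented GetBucketLocation statement appended."""
    fixed = copy.deepcopy(policy)
    fixed["Statement"].append(CONSOLE_STATEMENT)
    return fixed
```

Run against the posted policy, denied_console_calls returns only the GetBucketLocation call, which is exactly the step the simulator check on ListBucket never exercised; with the extra statement the list is empty.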
