Attempting to pull down the contents of an S3 bucket using the AWS CLI, I'm getting the following:
aws s3 cp --region us-east-1 s3://s3.amazonaws.com/my-bucket . --recursive
A client error (AccessDenied) occurred when calling the ListObjects operation: Access Denied
Completed 1 part(s) with ... file(s) remaining
Using aws s3 sync
similarly fails.
The user policy is:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "s3:*",
"Resource": ["arn:aws:s3:::*"]
}
]
}
(I've tried various less restrictive policies too, but to no avail).
I've tried an empty bucket policy, and also this bucket policy:
{
"Id": "Policy1357935677554",
"Statement": [
{
"Sid": "Stmt1357935647218",
"Action": [
"*"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::my-bucket",
"Principal": {
"AWS": [
"arn:aws:iam::XXXXXXXXXX:user/my-user"
]
}
},
{
"Sid": "Stmt1357935676138",
"Action": [
"*"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::my-bucket/*",
"Principal": {
"AWS": [
"arn:aws:iam::XXXXXXXXXX:user/my-user"
]
}
}
]
}
Interestingly, this does work:
aws s3api list-objects --region us-east-1 --bucket my-bucket
Best Answer
The format for specifying an s3 location is
s3://bucket/key
so instead ofs3://s3.amazonaws.com/my-bucket
you would uses3://my-bucket/
.