UPDATE: everything works fine the next day!?! So I think the answer might be that you have to wait some period of time, either after creating a new IAM user, or after creating a new bucket, before uploads will work.
I created a dedicated IAM user, then did aws configure, and gave the key, and specified the "eu-west-1" region. I can see the correct information in ~/.aws/config.
I tried aws s3 mb s3://backup but got told it already existed. aws s3 ls confirmed it did not. However aws s3 mb s3://backup-specialtest did work.
But when I try aws s3 cp test.tgz s3://backup-specialtest I get:
A client error (AccessDenied) occurred when calling the CreateMultipartUpload operation: Anonymous users cannot initiate multipart uploads. Please authenticate.
It is not just big files that are the problem. I made a 6-byte text file, and tried to upload with aws s3 cp test.txt s3://backup-specialtest/ but get:
upload failed: ./test.txt to s3://backup-specialtest/test.txt A client error (AccessDenied) occurred when calling the PutObject operation: Access Denied
Trying aws s3 ls s3://backup-specialtest gives me:
A client error (AccessDenied) occurred when calling the ListObjects operation: Access Denied
Trying aws s3api get-bucket-acl --bucket backup-specialtest gives me:
A client error (AccessDenied) occurred when calling the GetBucketAcl operation: Access Denied
I had already attached the "AmazonS3FullAccess" policy to my user, in the AWS web console. When I click show policy I get:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "s3:*",
            "Resource": "*"
        }
    ]
}
That looks good: he can do all S3 actions, on all resources.
While writing this I thought I'd double-check I could still create a new bucket, and hadn't broken anything along the way. So I tried aws s3 mb s3://another-test and got:
make_bucket failed: s3://another-test/ A client error (BucketAlreadyExists) occurred when calling the CreateBucket operation: The requested bucket name is not available. The bucket namespace is shared by all users of the system. Please select a different name and try again.
But when I try: aws s3 mb s3://another-test-2 I get success:
make_bucket: s3://another-test-2/
And it is there: aws s3 ls
2015-11-13 11:07:10 another-test-2
2015-11-13 10:18:53 backup-specialtest
2014-08-05 21:00:33 something-older
(That last bucket appears to have been created by the root user, last year, and is empty.)
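An added example, not part of the original question: a simplified evaluator for identity-based policy statements, run against the policy shown above and the four calls that returned AccessDenied. It ignores Condition, NotAction, bucket policies and any other policy type; the operation-to-action mapping and the object ARNs are filled in here from the commands in the post. Every call evaluates to Allow, so the attached policy on its own does not account for the denials.

```python
import json
import re

# The policy as displayed in the question.
POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": "s3:*", "Resource": "*"}
  ]
}
""")

# Failing API operation -> (IAM action it needs, ARN built from the post's commands).
REQUIRED = {
    "CreateMultipartUpload": ("s3:PutObject", "arn:aws:s3:::backup-specialtest/test.tgz"),
    "PutObject": ("s3:PutObject", "arn:aws:s3:::backup-specialtest/test.txt"),
    "ListObjects": ("s3:ListBucket", "arn:aws:s3:::backup-specialtest"),
    "GetBucketAcl": ("s3:GetBucketAcl", "arn:aws:s3:::backup-specialtest"),
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _glob(pattern, text, ignore_case=False):
    # IAM wildcards: * = any run of characters, ? = exactly one character.
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(regex, text, re.I if ignore_case else 0) is not None

def evaluate(policy, action, resource):
    """Return 'Allow', 'ExplicitDeny' or 'ImplicitDeny' (simplified: no Condition/NotAction)."""
    decision = "ImplicitDeny"
    for stmt in _as_list(policy["Statement"]):
        hit = (any(_glob(a, action, True) for a in _as_list(stmt["Action"]))
               and any(_glob(r, resource) for r in _as_list(stmt["Resource"])))
        if hit and stmt["Effect"] == "Deny":
            return "ExplicitDeny"          # an explicit deny always wins
        if hit and stmt["Effect"] == "Allow":
            decision = "Allow"
    return decision

def check_failed_calls(policy):
    return {op: evaluate(policy, act, res) for op, (act, res) in REQUIRED.items()}

if __name__ == "__main__":
    for op, result in check_failed_calls(POLICY).items():
        print(f"{op:22} {result}")
```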
Best Answer
First you need to understand that bucket names are unique across the whole Amazon domain. So if a user already has a bucket named "backup", you will not be able to create a new one with this name.
That being said, you have two main ways to manage permissions of buckets.
Otherwise, you can also use a bucket policy (same place as the permissions mentioned above). You will find bucket policy examples here. As an example, something like this one should make your bucket public: