I'm trying to grant RW access to a given bucket to a specific user using the following bucket policy:
{
"Id": "Policy1322043790167",
"Statement": [
{
"Sid": "Stmt9999043784080",
"Action": [
"s3:AbortMultipartUpload",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:GetObject",
"s3:GetObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::private_bucket/*",
"Principal": {
"AWS": [
"arn:aws:iam::999903749999:user/my.username.under.my.aws.account"
]
}
}
]
}
As far as I can notice it's pretty equals to the examples at http://docs.amazonwebservices.com/AmazonS3/latest/dev/index.html?AccessPolicyLanguage_UseCases_s3_a.html and I've followed what is documented at http://docs.amazonwebservices.com/IAM/latest/GettingStartedGuide/index.html?SetUpAdminsGroup.html
Bu it's not working. Using the user AWS Key and Secret Key with the .NET SDK or with CloudBerry Explorer I get an "Access Denied" error.
What am I missing?
The following log is a snippet of the operations log tried by Cloudberry:
System.Net.WebException O servidor remoto retornou um erro: (403) Proibido. em System.Net.HttpWebRequest.GetResponse() em db.A(dD , Action`1 , HttpWebRequest , dW )
2011-11-23 08:36:10,505 [S3] [4] INFO - InternalListBucketCall start, bucket: secured_bucket, prefix: , marker: , maxkeys: 1, delimiter: / 2011-11-23 08:36:11,388 [S3] [4] ERROR - Http response status: 403: Forbidden 2011-11-23 08:36:11,390 [S3] [4] ERROR - Http response header: x-amz-request-id: 70941BB8654CE12E 2011-11-23 08:36:11,392 [S3] [4] ERROR - Http response header: x-amz-id-2: JssG1wXtZSjiGO8oVb9B46NNkn24TpZToD4u/KZAFaPBFBECF7YDMPnckVpyhaDE 2011-11-23 08:36:11,394 [S3] [4] ERROR - Http response header: Transfer-Encoding: chunked 2011-11-23 08:36:11,396 [S3] [4] ERROR - Http response header: Content-Type: application/xml 2011-11-23 08:36:11,398 [S3] [4] ERROR - Http response header: Date: Wed, 23 Nov 2011 10:36:31 GMT 2011-11-23 08:36:11,400 [S3] [4] ERROR - Http response header: Server: AmazonS3 2011-11-23 08:36:11,402 [S3] [4] ERROR -
AccessDenied
Access Denied70941BB8654CE12EJssG1wXtZSjiGO8oVb9B46NNkn24TpZToD4u/KZAFaPBFBECF7YDMPnckVpyhaDE 2011-11-23 08:36:11,404 [S3] [4] ERROR - InternalListBucketCall failed for bucket: secured_bucket, prefix: , marker: , maxkeys: 1, delimiter: / CloudBerryLab.Base.Exceptions.Status403Exception Access Denied2011-11-23 08:36:11,407 [UI] [4] ERROR - Operation completed with errors. Click Details for more information. CloudBerryLab.Base.Exceptions.Status403Exception Access Denied em kT.A(String , String , String , Int32 , String , FH ) em kT.B(String , String ) em kM.a(String , Boolean ) em HW.a(String , Boolean ) em HW.A(String ) em CloudBerryLab.Explorer.Console.Controls.PluginArea.A(Object , DoWorkEventArgs )
2011-11-23 08:36:18,776 [Base] [11] INFO - PROCESSOR_ARCHITECTURE=x86