3

I'm using awscli to sync 2 buckets (same account):

aws s3 sync --only-show-errors s3://bucket-1 s3://bucket-2

but for some files I get permission errors:

copy failed: s3://bucket-1/dirname/file.flac to s3://bucket-2/dirname/file.flac An error occurred (AccessDenied) when calling the UploadPartCopy operation: Access Denied

(in some cases the the failing operation is CopyObject)

this only seems to happen for .flac files. all other files are .mp3s, so the only difference is I can think of is the file size.

since I'm using a user with full s3 permissions for this, I don't understand why this is happening (or how this could be fixed).

kindoflike
  • 131
  • 1
  • 5
  • did you get your problem answered? If yes please accept one of the answers to reward the responders for the time they spent answering you. Thanks. – MLu Sep 20 '18 at 03:26

2 Answers2

1

Could it be that the object is owned by a different account?

It may happen when a bucket in AWS account AAA is writable by AWS account BBB, e.g. through BucketPolicy, but the writer (in BBB) didn't specify --acl bucket-owner-full-control permission when uploading it.

Check the object's ACL using:

aws s3api get-object-acl --bucket bucket-1 --key dirname/file.flac

Similar for the destination - if an existing object is owned by a different account you won't be able to overwrite it. That's why UploadPartCopy would fail.

Hope that helps.

MLu
  • 24,849
  • 5
  • 59
  • 86
0

for me it failed because UploadPartCopy operation require additional permissions then regular copy, I changed policy to s3:List* and it worked.

user1013762
  • 1