1

I'm using s3tools to sync files on a server and an s3 bucket. Specifically, I'm using the sync command. This, however, is not working correctly because I can't find the right permissions to assign to the user I've setup. Almost everything seems to be working but I constanlty get an error from the s3cmd sync command that "Remote Copy failed."

Here's my current policy: 

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "SomeSID",
      "Effect": "Allow",
      "Action": [
        "s3:ListBucket"
      ],
      "Resource": [
        "arn:aws:s3:::mybucket"
      ]
    },
    {
        "Effect": "Allow",
        "Action": [
          "s3:ListBucket",
          "s3:PutObject",
          "s3:PutObjectAcl",
          "s3:DeleteObject"
        ],
        "Resource": [
          "arn:aws:s3:::mybucket/some/path",
          "arn:aws:s3:::mybucket/some/path/*"
        ]
    }
  ]
}

Does anyone know what permissions I should add to make the remote copy possible?

fraxture
  • 5,113
  • 4
  • 43
  • 83

1 Answers1

1

I tested permissions for using the sync command provided as part of the AWS Command Line Interface.

This policy worked successfully:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "SomeSID",
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "s3:ListBucket",
        "s3:PutObject"
      ],
      "Resource": [
        "arn:aws:s3:::mybucket",
        "arn:aws:s3:::mybucket/*"
      ]
    }
  ]
}

Note: The s3:ListBucket operation works on a Bucket, while the other API calls operate on an Object.

John Rotenstein
  • 241,921
  • 22
  • 380
  • 470