1

I created a new bucket test1 and it has two folders upload and download.Below is my policy attached to a user. i connected using aws cli with access and secret access keys and was successfully able to upload a document to s3://test1/upload/. Using cloudberry explorer when i try to upload to s3://test1/upload/ folder it fails with 403 forbidden error. I am using the same keys to connect to aws cli and cloudberry but not sure what is causing the issue.Can any one please help with this.

{
  "Version": "2012-10-17",
  "Statement": [
      {
          "Action": "s3:ListAllMyBuckets",
          "Resource": "arn:aws:s3:::*",
          "Effect": "Allow"
      },
      {
          "Action": [
          "s3:ListBucket",
          "s3:GetBucketLocation"
          ],
          "Resource": "arn:aws:s3:::test1",
          "Effect": "Allow",
          "Condition": {
                "StringEquals": {
                     "s3:prefix": [
                          "",
                          "/",
                          "download/",
                          "download/*",
                          "upload/",
                          "upload/*"
                        ]
                      }
               }
     },
     {
         "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::test1/download/*",
         "Effect": "Allow"
     },
     {
         "Action": [
         "s3:GetObject",
         "s3:PutObject",
         "s3:DeleteObject"
         ],
        "Resource": "arn:aws:s3:::test1/upload/*",
        "Effect": "Allow"
     }
  ]
}
Putharekulu
  • 131
  • 2
  • 13
  • Indentation helps read code and policies too. – JMA Dec 20 '17 at 19:59
  • Can you confirm that you are trying to upload to: "Resource": "arn:aws:s3:::test1/upload/*" and not to "Resource": "arn:aws:s3:::test1" or to "Resource": "arn:aws:s3:::test1/download/*" – JMA Dec 20 '17 at 20:03
  • indented the code. Yes i am trying to upload to s3://test1/upload/ folder. From aws cli i am able to successfully but not from clouberry explorer – Putharekulu Dec 20 '17 at 20:05
  • What policies do you have for the AWS access key and secret key that you used to connect cloudberry to your AWS account? If this is a different access key from the one you use with the CLI that might be the issue. – JMA Dec 20 '17 at 20:24
  • there is only one inline policy for this user and that policy is posted above. i am using exactly the same access and secret keys when trying to connect to from cli and cloudberry – Putharekulu Dec 20 '17 at 20:48
  • anyone has anything to say on this issue? – Putharekulu Dec 21 '17 at 21:44
  • Are you able to download? – JMA Dec 21 '17 at 21:52
  • yes i am able to download. only uploading to s3://test1/upload/ fails in cloudberry explorer – Putharekulu Dec 23 '17 at 00:34

1 Answers1

0

Could you try Fiddler for traffic checking? For better understanding where your request faced with 403 error.

Let me know.

Alex
  • 275
  • 1
  • 5