Cannot download files from s3 bucket permissions
Greetings, Syndesi. Thanks for the feedback! Thanks for the tutorial. By using it, I initially built my first ever backup to Amazon S3 bucket successfully. Thanks for the tutorial, but you forgot to include how to download as indicated in your title.
He should have permissions to do that, but instead I get the following: S3 allows cross-account delegation of permissions, so that principals (users, roles) in one account can access resources in another account. But, to do this, both accounts must grant the necessary permissions: the account that owns the bucket must delegate the permission and the account that owns the principal must also grant the permission. In the bucket policy, this delegates the permission to the root of foreign account xxxxxxxxxxxx. To perform a specific operation on a resource, an IAM user needs permission from both the parent AWS account to which it belongs and the AWS account that owns the resource.
Asked 3 years, 3 months ago. I tried loading up files with aws cli and set permissions there with a "--grants" option, but after uploading, I can't even download them myself via the aws console.
This policy says: Allow the user to whom this policy is attached permission to do anything with bucket. If both the bucket and the user were in the same account, this policy would be sufficient to grant full access to the bucket. However, because bucket-1 actually belongs to a different account, the first policy above is also required so that account-1 actually grants access.
This means that the 2nd policy isn't actually granting access to the bucket - it is merely granting permission for account-user-2 to make a request to access the bucket. The real access is granted in the first policy. I then successfully used the credentials of accountuser to access bucket-1: If a bucket policy grants access to an object, you do not need to also grant access at the object-level.
The bucket policy you have listed would grant access to the bucket if it is being accessed via credentials that are issued from a role that is called user1 or user2. It's quite strange that you are giving 'user' prefixes to role names. For example, if you have an Amazon EC2 instance that is assigned an IAM role called user1, then it will be automatically given credentials to access the bucket.
Why can't I download files from s3 bucket, when permissions are set? Asked 3 years, 7 months ago. John Dirak