I have an AWS account with data on S3. This is an MFA account and I am able to access the folders via the web. I am trying to connect to S3 from CLI. I have installed AWS CI on my mac. I have saved the access key, secret key, access token and region in a profile named mfa_0729.
When I am running the following in my terminal
aws s3 ls --profile mfa_0729 I get the error
An error occurred (AccessDenied) when calling the ListBuckets operation: Access Denied
When I run the same code using the bucket aws s3 ls s3://my-bucket/ , I get the error
An error occurred (AccessDenied) when calling the ListObjectsV2 operation: Access Denied
Can someone point out what I am doing wrong here?
Related
My account has two S3 buckets, both them have the same permission settings. The same account has one EB and an EC2 instance generated by the EB. There are several policies attached to this ec2 instance role, one policy is AmazonS3FullAccess.
I test accessing S3 buckets from that EC2 instance using command aws s3 ls s3://bucket-name.
But received different results.
One bucket give the list of objects, but one bucket gives error: An error occurred (AccessDenied) when calling the ListObjectsV2 operation: Access Denied
Can you please give any comments on that?
I installed the aws command line client on my Mac High Sierra system. I set the credentials and region using
aws configure
However, when I attempt to see any contents or specific bucket contents, I get "Access Denied" ...
localhost:tmp davea$ aws s3 ls
An error occurred (SignatureDoesNotMatch) when calling the ListBuckets operation: The request signature we calculated does not match the signature you provided. Check your key and signing method.
localhost:tmp davea$ aws s3 ls s3://my-bucket-us
An error occurred (AccessDenied) when calling the ListObjectsV2 operation: Access Denied
Does this mean my key/secret is wrong or just that the admin hasn't given me permissions to perform these actions?
You can check whether the configured credentials are accessible by the command line by calling
aws sts get-caller-identity
If the identity is what is expected, and if you are using a session token, you should try setting it again in the config file.
I got the S3 credential (Access Key ID,AWS Secret Access Key) and some bucket name "abc/deepesh" where I have to put the file.
So I configure the AWS CLI.
aws configure
AWS Access Key ID [****************XZ6A]: *********
AWS Secret Access Key [****************n7ht]:******
Default region name [None]:
Default output format [None]:
Now I tried to access the object:-
aws s3 ls s3://abc/deepesh
An error occurred (AccessDenied) when calling the ListBuckets operation: Access Denied
aws s3 ls abc/deepesh
An error occurred (AccessDenied) when calling the ListBuckets operation: Access Denied
aws s3 ls
An error occurred (AccessDenied) when calling the ListObjects operation: Access Denied
after getting this response I think that its access issue in AWS side which need to change. but this is not true, because this accessible from "CyberDuck tool"
Also accessible from Java code using AWS SDK.
So what is the problem, why I am not able to access from AWS CLI.
I have created an s3 bucket with no policy and have uploaded a file with kms encryption . I have granted my ec2 instances full s3 access but still I'am not able to download the encrypted file(using aws CLI). it shows the following error: " An error occurred (AccessDenied) when calling the GetObject operation: Access Denied" but
I can download non-encrypted files from the same bucket with the same instance without any problem. Where am I gng wrong?
You also need to grant the instance access to the KMS key that was used to encrypt the file.
After configure AWSCLI using command aws configure . I'm trying to download files from S3 bucket to local folder test, using following command
aws s3 sync s3://sourceBucket ./test --delete
but it's throwing following error message
download failed: s3://sourceBucket/jobs/Test/1/slider-test-0.0.1-SNAPSHOT.war to test/jobs/Test/1/slider-test-0.0.1-SNAPSHOT.war An error occurred (AccessDenied) when calling the GetObject operation: Access Denied
download failed: s3://sourceBucket/jobs/Test/2/slider-test-0.0.1-SNAPSHOT.war to test/jobs/Test/2/slider-test-0.0.1-SNAPSHOT.war An error occurred (AccessDenied) when calling the GetObject operation: Access Denied
sourceBucket had following permissions
sourceBucket permissions Image - clickhere
When I check List of objects in sourceBucket using this command
aws s3api list-objects --bucket sourceBucket --query 'Contents[].{Key: Key, Size: Size}'
following is the output of it
[
{
"Key": "jobs/Test/1/slider-test-0.0.1-SNAPSHOT.war",
"Size": 2546325
},
{
"Key": "jobs/Test/2/slider-test-0.0.1-SNAPSHOT.war",
"Size": 3571598
}
]
could some one let me know how to solve this, I need to download the all objects from s3 sourceBucket to local folder test.
Thank you.
If you use KMS to encrypt your S3 files, also make sure the IAM user / role has access to use the appropriate key to decrypt the file. In your KMS dashboard, click on 'Customer Managed Keys' then click on the specific key used for the S3 bucket. You'll then need to add the appropriate accounts / roles to the key policy. For more see: https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam