1
votes

Here is what I did:

1) Added the following policy to an IAM user:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:*"
            ],
            "Resource": "arn:aws:s3:::bucket-name"
        }
    ]
}

2) I signed in as that user using the aws-cli

3) Ran the following command:

aws s3 sync ./dist s3://bucket-name/ --delete

I get a bunch of this:

An error occurred (AccessDenied) when calling the PutObject operation: Access Denied

The strange thing is that this works fine:

aws s3api list-objects --bucket bucket-name

which means that my policy is working at some level...

Thanks in advance


1 Answer

11
votes

OK, I figured this out. The policy needs to be:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:*"
            ],
            "Resource": [
                "arn:aws:s3:::bucket-name",
                "arn:aws:s3:::bucket-name/*"
            ]
        }
    ]
}

Note the difference in resources. Basically, the bucket itself is considered a different resource from the objects inside it.
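To make the bucket-vs-object distinction concrete, here is an added Python check (not part of the answer or of any AWS tooling) that runs a simplified IAM evaluation over both policies and lists which of the calls `aws s3 sync --delete` makes would be denied. The two policies are constructed to mirror the question and the answer; the evaluator assumes no Conditions, NotAction or NotResource, and does case-sensitive wildcard matching, which is enough for this comparison.

```python
import fnmatch
import json

# Constructed sample policies: the question's (bucket ARN only) and the
# answer's (bucket ARN plus the object ARN pattern). Not AWS-provided examples.
BUCKET_ONLY_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": ["s3:*"],
                   "Resource": "arn:aws:s3:::bucket-name"}],
})
BUCKET_AND_OBJECTS_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": ["s3:*"],
                   "Resource": ["arn:aws:s3:::bucket-name",
                                "arn:aws:s3:::bucket-name/*"]}],
})

# Calls a sync with --delete makes (constructed object keys). ListBucket is
# authorised against the bucket ARN; PutObject/DeleteObject against object ARNs.
SYNC_REQUESTS = [
    ("s3:ListBucket", "arn:aws:s3:::bucket-name"),
    ("s3:PutObject", "arn:aws:s3:::bucket-name/index.html"),
    ("s3:DeleteObject", "arn:aws:s3:::bucket-name/old.js"),
]


def _as_list(value):
    # IAM lets Action/Resource be a single string or a list; normalise to a list.
    return value if isinstance(value, list) else [value]


def _matches(pattern, value):
    # IAM wildcards: '*' matches any run of characters, '?' a single character.
    # fnmatch treats '[' as a character class, so escape it to keep ARNs literal.
    return fnmatch.fnmatchcase(value, pattern.replace("[", "[[]"))


def is_allowed(policy_json, action, resource_arn):
    """Simplified IAM evaluation: an explicit Deny wins, else any matching Allow."""
    allowed = False
    for stmt in _as_list(json.loads(policy_json)["Statement"]):
        action_hit = any(_matches(a, action) for a in _as_list(stmt["Action"]))
        resource_hit = any(_matches(r, resource_arn) for r in _as_list(stmt["Resource"]))
        if action_hit and resource_hit:
            if stmt["Effect"] == "Deny":
                return False
            allowed = True
    return allowed


def sync_denials(policy_json):
    """Return the (action, resource) pairs the sync would be denied under this policy."""
    return [(a, r) for a, r in SYNC_REQUESTS if not is_allowed(policy_json, a, r)]
```

Under the bucket-only policy, ListBucket passes (which is why `list-objects` worked) while PutObject and DeleteObject are denied; adding the `/*` resource clears both.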