s3cmd IAM problem and solving it

19 Sep

I had a problem with the popular s3cmd application and IAM permissions, and was able to solve it.

Using Amazon’s IAM, it is possible to provision fine-grained permissions to users for any of your AWS accounts.

I tried to set up such an IAM account for s3cmd, a popular command-line tool that I use all the time. But for some reason, s3cmd kept giving me 403 permission errors … even though I thought I had set up the buckets and permissions correctly.

But thanks to this blog from RegionGIS, I was able to find the problem and fix/test it.

I had initially set up the IAM permissions for something like this in the AWS console:

"Resource": [
  "arn:aws:s3:::bucket/folder/"
]

But that apparently isn’t quite right. IAM compares the resource ARN against the full object key, so this gives permission for the folder key itself, but NOT for anything under it.

So the right permission is something like this (again set through the IAM web console):

"Resource": [
  "arn:aws:s3:::bucket/folder/",
  "arn:aws:s3:::bucket/folder/*"
]

Once the IAM user is set up with folder permissions as above, s3cmd should merrily work and upload/download files as you set it!
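To check which object keys each Resource list covers before attaching a policy, here is an added example (not from the original post or from s3cmd) that models only the Resource-matching step of IAM evaluation. It assumes `*` matches any run of characters and `?` any single character, ignores actions, conditions and explicit denies, and uses constructed sample keys.

```python
import re

def arn_pattern_to_regex(pattern):
    """Translate an IAM Resource pattern into an anchored regex.
    '*' matches any run of characters (including '/'), '?' exactly one."""
    parts = []
    for ch in pattern:
        if ch == "*":
            parts.append(".*")
        elif ch == "?":
            parts.append(".")
        else:
            parts.append(re.escape(ch))
    return re.compile("".join(parts), re.DOTALL)

def resource_matches(patterns, arn):
    """True if any Resource pattern matches the whole ARN."""
    return any(arn_pattern_to_regex(p).fullmatch(arn) for p in patterns)

def object_arn(bucket, key):
    return f"arn:aws:s3:::{bucket}/{key}"

# The two Resource lists from the post.
BEFORE = ["arn:aws:s3:::bucket/folder/"]
AFTER = ["arn:aws:s3:::bucket/folder/", "arn:aws:s3:::bucket/folder/*"]

# Constructed sample keys: the folder marker, objects under it,
# and two keys that must stay out of scope.
SAMPLE_KEYS = [
    "folder/",
    "folder/report.csv",
    "folder/2014/09/backup.tar.gz",
    "folder-private/secret.txt",
    "other/file.txt",
]

def evaluate(patterns, bucket="bucket"):
    """Map each sample key to whether the Resource list covers it."""
    return {k: resource_matches(patterns, object_arn(bucket, k))
            for k in SAMPLE_KEYS}

if __name__ == "__main__":
    for name, patterns in (("before", BEFORE), ("after", AFTER)):
        print(name)
        for key, ok in evaluate(patterns).items():
            print(f"  {'match' if ok else 'no match':9} {key}")
```

Because the wildcard follows the trailing slash, `folder-private/secret.txt` stays out of scope; the same check on a pattern written as `folder*` would show it covered.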
