Boto3: AWS credentials with limited permissions


I was provisioned some AWS keys. These keys give me access to certain directories in an S3 bucket. I want to use boto3 to interact with the directories that were exposed to me; however, it seems that I can't actually do anything with the bucket at all, since I don't have access to the entire bucket.

This works for me from my terminal:

aws s3 ls s3://the_bucket/and/this/specific/path/

but if I do:

aws s3 ls s3://the_bucket/

I get:

An error occurred (AccessDenied) when calling the ListObjects operation: Access Denied

which also happens when I try to access the directory via boto3.

import boto3

# my_creds holds the name of the AWS profile that contains the provisioned keys
session = boto3.Session(profile_name=my_creds)
client = session.client('s3')
list_of_objects = client.list_objects(Bucket='the_bucket', Prefix='and/this/specific/path', Delimiter='/')

Do I need to request access to the entire bucket for boto3 to be usable?

There is 1 answer

Yonatan Kiron On

You need to set this Bucket Policy:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "<SID>",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::<account>:user/<user_name>"
      },
      "Action": [
        "s3:GetBucketLocation",
        "s3:ListBucket"
      ],
      "Resource": "arn:aws:s3:::<bucket_name>"
    }
  ]
}

For more information, see "Specifying Permissions in a Policy".
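
The statement in the answer allows listing the whole bucket. As an added example (not part of the original answer or of AWS's own code), here is a simplified offline model of how a ListBucket statement scoped with the `s3:prefix` condition key is matched against the prefixes from the question. The policy, its Sid and the helper names are assumptions; the asker's real policy is not shown on the page.

```python
import json
import re

# Constructed, hypothetical policy: ListBucket limited to one path via s3:prefix.
POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "ListOnlyUnderPath",
    "Effect": "Allow",
    "Action": "s3:ListBucket",
    "Resource": "arn:aws:s3:::the_bucket",
    "Condition": {"StringLike": {"s3:prefix": ["and/this/specific/path/*"]}}
  }]
}
""")


def string_like(pattern, value):
    """IAM StringLike: '*' is any run of characters, '?' is exactly one."""
    regex = "".join(
        ".*" if ch == "*" else "." if ch == "?" else re.escape(ch) for ch in pattern
    )
    return re.fullmatch(regex, value, re.DOTALL) is not None


def as_list(value):
    return value if isinstance(value, list) else [value]


def list_allowed(policy, bucket, prefix):
    """Simplified model (Allow statements only, no explicit Deny handling):
    would a ListObjects call on `bucket` with this Prefix be permitted?"""
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow":
            continue
        if "s3:ListBucket" not in as_list(stmt["Action"]):
            continue
        if f"arn:aws:s3:::{bucket}" not in as_list(stmt["Resource"]):
            continue
        patterns = stmt.get("Condition", {}).get("StringLike", {}).get("s3:prefix")
        if patterns is None:
            return True  # no prefix condition: the whole bucket is listable
        if any(string_like(p, prefix) for p in as_list(patterns)):
            return True
    return False


def demo():
    # Prefixes: bucket root, the CLI path from the question, the boto3 Prefix, a subfolder.
    prefixes = ["", "and/this/specific/path/", "and/this/specific/path", "and/this/specific/path/sub/"]
    return {p: list_allowed(POLICY, "the_bucket", p) for p in prefixes}
```

Under this assumed policy, the prefix without a trailing slash does not match the condition, so a boto3 call would need `Prefix='and/this/specific/path/'` to be allowed.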