s3fs refuses to mount s3 bucket when restricted IAM used

When using s3fs in a restricted IAM environment I got the following error

s3fs: CURLE_HTTP_RETURNED_ERROR
s3fs: HTTP Error Code: 403
s3fs: AWS Error Code: AccessDenied
s3fs: AWS Message: Access Denied

I have configured my policy to look like this

{
“Statement”: [
{
“Sid”: “Stmt1363960614183”,
“Action”: [
“s3:*”
],
“Effect”: “Allow”,
“Resource”: [
“arn:aws:s3:::acme-sugarcrm”
]
}
]
}

This did not work it appears that you need to be able to list all the buckets

{
“Statement”: [
{
“Sid”: “Stmt1363960576149”,
“Action”: [
“s3:ListAllMyBuckets”
],
“Effect”: “Allow”,
“Resource”: [
“arn:aws:s3:::*”
]
},
{
“Sid”: “Stmt1363960614183”,
“Action”: [
“s3:*”
],
“Effect”: “Allow”,
“Resource”: [
“arn:aws:s3:::acme-sugarcrm”,
“arn:aws:s3:::acme-sugarcrm/*”
]
}
]
}

Note the “arn:aws:s3:::acme-sugarcrm/*” line, this is required so you can add files and make directories.

 

Can not take the credit for this http://code.google.com/p/s3fs/issues/detail?id=153, even though it is fixed in 1.61 it still gave me an issue until I put the listallbuckets option into the policy. This does not really give me an issue in my environment but may in yours.

  1. Installing Owncloud | Amazon Web Services (AWS) tips n Tricks

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

ifssoftware.wordpress.com/

Helping you achieve more

The Survival Guides's Blog

How to Survive IT and Holidays

WordPress.com

WordPress.com is the best place for your personal blog or business site.

%d bloggers like this: