Does the user executing sync from an ec2 instance to an S3 bucket need to have
access to the entire S3 tree?
Put works just fine (local file up to S3), but sync gives a 403 from S3 unless
the user (via IAM) has full access to all S3.
s3cmd put -recursive /mnt/incoming/ s3://bucket/incoming/
/mnt/incoming/file3.txt -> s3://bucket/incoming/file3.txt [1 of 1]
but
s3cmd sync -recursive /mnt/incoming/ s3://bucket/incoming/
ERROR: S3 error: 403 (AccessDenied): Access Denied
It seems related to the bucket the user has permissions to?
So put will work, but sync not if the policy (via IAM) is "Resource":
"arn:aws:s3:::bucket/incoming/*"
If you change it to your entire S3 bucket range sync does work: "Resource":
"arn:aws:s3:::*"
which if true is an issue since that opens things up way to far. Can anyone
else confirm
------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security
threats, fraudulent activity and more. Splunk takes this data and makes
sense of it. Business sense. IT sense. Common sense..
http://p.sf.net/sfu/splunk-d2d-c1
_______________________________________________
S3tools-general mailing list
S3tools-general@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/s3tools-general
