[GH-ISSUE #452] IAM user with S3 policy for access into specific folder - won't work.... #245

Closed
opened 2026-03-04 01:43:38 +03:00 by kerem · 4 comments

Originally created by @SysEngDan on GitHub (Jul 15, 2016).
Original GitHub issue: https://github.com/s3fs-fuse/s3fs-fuse/issues/452

Example:

Bucket name: dans_test_bucket
Folders within bucket: /folder1/folder2/
IAM User: dans_test_user
Policy: allow dans_test_user access only into dans_test_bucket/folder1/folder2/*

Policy:

```
{
  "Statement": [
    {
      "Sid": "Test Policy",
      "Action": "s3:*",
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::dans_test_bucket/folder1/folder2/*",
      "Principal": {
        "AWS": [
          "arn:aws:iam::1234567890:user/dans_test_user"
        ]
      }
    }
  ]
}
```

How do I configure the local mount and CLI to access files in dans_test_bucket/folder1/folder2/ ?

kerem closed this issue 2026-03-04 01:43:38 +03:00

@bencodestx commented on GitHub (Jul 18, 2016):

s3:ListBucket on arn:aws:s3:::dans_test_bucket must also be granted to the user. This applies to the entire bucket so that the IAM user would be able to list ALL objects in the entire bucket (seeing the object names of ALL objects), but would only be able to access the objects with the folder1/folder2/ prefix.


@rodrigosrangel commented on GitHub (Oct 21, 2016):

I have the same problem reading files from a bucket not owned by me.
The "owner" defined one folder for each of his clients (I'm one of them) and won't grant me the s3:ListBucket, arguing that I can't identify all his other clients.
So I got stuck, created an account on AWS for testing this behavior, and have no idea how to solve it. Any ideas?
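
One way to grant the listing permission discussed above without exposing key names outside the folder, as an added example that is not from the issue or the s3fs-fuse project: a bucket policy that keeps the original object statement and adds `s3:ListBucket` on the bucket ARN, limited by the `s3:prefix` condition key. The `Sid` values and the `Version` element are assumptions, and whether every request s3fs issues stays within this prefix is not confirmed in this thread.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ObjectAccessUnderPrefix",
      "Effect": "Allow",
      "Principal": {
        "AWS": ["arn:aws:iam::1234567890:user/dans_test_user"]
      },
      "Action": "s3:*",
      "Resource": "arn:aws:s3:::dans_test_bucket/folder1/folder2/*"
    },
    {
      "Sid": "ListOnlyUnderPrefix",
      "Effect": "Allow",
      "Principal": {
        "AWS": ["arn:aws:iam::1234567890:user/dans_test_user"]
      },
      "Action": "s3:ListBucket",
      "Resource": "arn:aws:s3:::dans_test_bucket",
      "Condition": {
        "StringLike": {
          "s3:prefix": ["folder1/folder2/*"]
        }
      }
    }
  ]
}
```

With a policy like this, the mount would target the prefix rather than the bucket root, using s3fs's `bucket:/path` form, for example `s3fs dans_test_bucket:/folder1/folder2 /mnt/s3` (the mount point is a placeholder).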

@anmolnagpal commented on GitHub (Jul 8, 2017):

Check this: https://www.cloudberrylab.com/blog/how-to-give-user-access-to-an-s3-folder-with-cloudberry-explorer/

@ggtakec commented on GitHub (Mar 30, 2019):

We kept this issue open for a long time.
I will close this, but if the problem persists, please reopen or post a new issue.
