1

I have been trying to do this simple thing of copying a file from my centos linux machine (outside AWS) to S3 bucket. I wanted it simple - have followed below steps -

1) Created S3 bucket

2) Created IAM user and assigned a policy to give full rights on above bucket only

3) Installed and configured s3cmd on centos machine as mentioned here - https://rbgeek.wordpress.com/2013/08/20/backup-to-amazon-s3-bucket-from-centos-6-4/

4) Kept configuration very simple - provided access and secret key with no encryption, no https

5) tried to put a file with below command s3cmd put test.txt s3://bucketname/

but it keeps on giving Access denied with debug says the reason is "forbidden"....

I have seen some other posts however all of them is lacking clear instruction on whether I should change my policy or s3cmd config. I would like to know if there is anyone aware what should be changed here.

MWM
  • 43
  • 1
  • 4
  • Just an added comment - if I put a full access to s3 policy (i.e. all buckets), it works fine. I believe it is at the previous policy where I am missing something. – MWM May 12 '15 at 21:08
  • include the policy that doesn't work. Also know that [aws-cli](http://aws.amazon.com/cli/) is substantially better than s3cmd. – tedder42 May 12 '15 at 21:58
  • Thanks. I will have a look. Can you provide a link where it states commands to put an object? I have also noticed instructions on this thread for s3cmd issue -http://stackoverflow.com/questions/11603583/necessary-s3cmd-s3-permissions-for-put-sync#. Will try that as well. – MWM May 12 '15 at 22:48
  • There are some on the linked page, scroll to "File Commands for Amazon S3 ". There is more comprehensive documentation linked on that page too. – tedder42 May 12 '15 at 22:50
  • If you run with --debug, it may present more information about where the Forbidden is coming from. Usually it's lacking a permission on the bucket in question. [put] should not require ListAllBuckets permission though. I expect it's failing on a sub-request: Sending request method_string='GET', uri='/?location', which it needs in order to properly sign the signature v4 request - it needs to know the bucket region. – Matt Domsch May 12 '15 at 23:23
  • Thanks @tedder42. Followign the instructions given on this link (first example) worked fine. http://docs.aws.amazon.com/IAM/latest/UserGuide/ExampleIAMPolicies.html – MWM May 13 '15 at 02:30

0 Answers0