5

Here's the error I keep receiving:

A client error (AccessDenied) occurred when calling the ListObjects operation: Access Denied

I've triple-checked my credentials and googled this error to my wits' end. I edited my bucket policy to add an s3:ListBucket action, but to no avail. When I do so, it just returns a similar message:

A client error (AccessDenied) occurred when calling the ListBuckets operation: Access Denied

This is also my first time creating an s3 bucket so it's quite possible I missed some important step.

I have triple-checked my keys and even tried creating an additional user (editing the bucket permissions to allow for authenticated users). Always returns the same error.

starball
  • 20,030
  • 7
  • 43
  • 238
Mallory Busch
  • 51
  • 1
  • 1
  • 3
  • I would start again from scratch, with a new bucket and a new IAM user. Don't add any policy to the bucket. Instead add an S3 policy to your IAM user (see http://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_examples.html#iam-policy-example-s3 for an example). Then set your AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables for the IAM user's access key and secret key, then use the awscli to invoke 'aws s3 ls s3://mybucket'. – jarmod Oct 24 '15 at 21:18
  • Could you show us your policy (Bucket Policy and appropriate IAM policy)? – John Rotenstein Oct 25 '15 at 05:49

2 Answers2

16

I found this question after I was getting the same (2nd) error as you:

$ aws s3 ls

A client error (AccessDenied) occurred when calling the ListBuckets operation: Access Denied

It turns out that there is a specific policy permission that you need to add to be able to list all the available buckets:

{
    "Sid": "AllowListingOfAllBuckets",
    "Effect": "Allow",
    "Action": [
        "s3:ListAllMyBuckets"
    ],
    "Resource": [
        "arn:aws:s3:::*"
    ]
},

As you don't state which command you were running to generate the error, I can't say whether this will be helpful to the OP, but hopefully it will help someone else who stumbles upon this post in the same situation as me.

Lee Netherton
  • 21,347
  • 12
  • 68
  • 102
7

I had a very similar problem. My user had S3FullPermissions and I could create buckets and list all of them:

aws s3 mb s3://my-bucket
make_bucket: s3://my-bucket/

aws s3 ls
2017-03-24 12:30:34 my-bucket

But when I tried to run:

aws s3 ls s3://my-bucket
A client error (AccessDenied) occurred when calling the ListObjects operation: Access Denied

The error itself was related with the awscli version I was using and not with any misconfiguration of my buckets/users/policies. To solve it, I removed the awscli package installed from my distro repository and installed it using pip:

# apt-get remove awscli
# pip install awscli

Hope this help someone in a similar situation, I have wasted several hours trying to guess what was going on here.

Victor Henriquez
  • 1,399
  • 15
  • 26