s3:ListAllMyBuckets required?

gregm

I have set a specific policy for CBB to access only a specific bucket in a Wasabi account.
However, I get an error message saying that the user is not authorized to perform "s3:ListAllMyBuckets" which is true because I want CBB to access only 1 bucket, so I give CBB only the "s3:ListBucket" for its specific bucket.

Do we have to give CBB the ability to "s3:ListAllMyBuckets" (list all buckets, including those totally unrelated and possibly confidential) authorization entirely or is there a workaround so that CBB can list only the bucket that it is meant to access (s3:ListBucket is I believe the action for this) ?

Please let me know.

Thanks

David Gugick

↪gregm

See if this blog post helps. http://blog.cloudberrylab.com/2010/10/how-to-create-subaccounts-and-share.html?m=1

gregm

Hi David,

The policy on this blog post doesn't work. CBB is still asking for full ListAllMyBuckets read access and returns this error:

"[USER] is not authorized to perform: s3:ListAllMyBuckets on resource: arn:aws:s3:::"

David Gugick

↪gregm

Did you add the bucket as an "external bucket" as indicated in the article? iF so, and it's still not working, I'd encourage you to open a support ticket - you can use the Help | Send Feedback menu option to automatically open the case (reference this post in the comments please).

Now, select the newly created account in the drop down list. If you look at the list of buckets it will be empty. This is because we have not granted the user a right to list all buckets. You have to add a bucket as an external bucket manually. Click a green button on the tool bar and type the bucket name manually.

gregm

Totally missed your response, sorry about that.
It seems that there is no way around s3:ListAllMyBuckets according to support.

s3:ListAllMyBuckets required?

Welcome to MSP360 Forum!

Categories

More Discussions