EnterpriseDB / barman

Barman - Backup and Recovery Manager for PostgreSQL
https://www.pgbarman.org/
GNU General Public License v3.0

Utilize aws s3 ls instead of s3api head-bucket to check for access before barman-cloud-backup execution #929

Open benjamin-schilling-csq opened 3 months ago

benjamin-schilling-csq commented 3 months ago

barman-cloud-backup currently uses the head-bucket operation of the s3api to check for existence of and access to the targeted S3 bucket. For those trying to write restricted policies for prefixes within the bucket, the only thing that allows head-bucket to work properly is to allow ListBucket on the entirety of the bucket. If using the equivalent of aws-cli s3 ls, the policy can allow for checking that the root of the bucket exists while also restricting prefix levels below the root of the bucket, permitting a more secure solution.

If this is a feasible feature request it would be greatly appreciated if it could be implemented.
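
The policy difference described in the request, as an added example that is not part of the original issue or of barman's code: the broad statement that head-bucket needs beside a prefix-scoped one, with a simplified evaluator showing which requests each allows. The bucket name, the `pg/server1/` prefix and the `allowed` helper are assumptions; the helper models only Allow statements with a `StringLike` condition, not full IAM evaluation.

```python
import fnmatch

BUCKET_ARN = "arn:aws:s3:::example-backup-bucket"  # constructed placeholder

# Broad: unconditional ListBucket on the whole bucket (what head-bucket needs).
BROAD_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "s3:ListBucket", "Resource": BUCKET_ARN}]}

# Scoped: ListBucket only for the bucket root ("") and one prefix subtree.
SCOPED_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "s3:ListBucket", "Resource": BUCKET_ARN,
    "Condition": {"StringLike": {"s3:prefix": ["", "pg/server1/*"]}}}]}

def allowed(policy, action, resource, context):
    """Simplified model (assumption): Allow statements and StringLike only.

    A condition key that is absent from the request context does not match,
    which is why a request without s3:prefix fails the scoped statement.
    """
    for st in policy["Statement"]:
        if (st["Effect"], st["Action"], st["Resource"]) != ("Allow", action, resource):
            continue
        cond = st.get("Condition", {}).get("StringLike", {})
        if all(key in context
               and any(fnmatch.fnmatchcase(context[key], pat) for pat in patterns)
               for key, patterns in cond.items()):
            return True
    return False

# Constructed request contexts. HeadBucket has no prefix parameter, so its
# context carries no s3:prefix key; a listing request carries the prefix asked for.
REQUESTS = {
    "head-bucket": {},
    "ls bucket root": {"s3:prefix": ""},
    "ls pg/server1/base/": {"s3:prefix": "pg/server1/base/"},
    "ls pg/server2/": {"s3:prefix": "pg/server2/"},
}

def decision_table():
    """Return {request: (broad_allows, scoped_allows)} for the sample requests."""
    return {name: (allowed(BROAD_POLICY, "s3:ListBucket", BUCKET_ARN, ctx),
                   allowed(SCOPED_POLICY, "s3:ListBucket", BUCKET_ARN, ctx))
            for name, ctx in REQUESTS.items()}

if __name__ == "__main__":
    for name, (broad, scoped) in decision_table().items():
        print(f"{name:22} broad={broad!s:5} scoped={scoped}")
```

Under the scoped policy the root listing still confirms that the bucket exists and is reachable, while listings of other prefixes are refused.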