Closed dburtsev closed 1 year ago
Note: I have "Access Denied" only when I run this script from my PC using keys. When I run this script without keys on EC2 instance with the attached role, I don't have any problems. Thanks, Dmitriy
@dburtsev You need to have the ListBuckets policy attached to your IAM user (having access keys and secret keys in above PowerShell snippet) in order to execute Get-S3Bucket
CmdLet. On the EC2 instance it might have worked because the IAM role has this policy attached to it.
I'm unsure how aws s3 ls 'bucket_name'
is working for you.
default
profile on your machine which has permissions to execute ListBuckets operation? May be AWS CLI is using the credentials from the default profile.You may try using the Get-STSCallerIdentity CmdLet and AWS CLI aws sts get-caller-identity to see if there is any difference.
Thanks, Ashish
Hello Ashish I don't have the ListBuckets policy for this particular account.
Are you executing AWS CLI command from within PowerShell terminal? I am executing AWS CLI command from PowerShell script
Do you have credentials configured in your default profile No. In EC2 we use attached role and in my PC keys are hardcoded in the script.
[aws sts get-caller-identity] { "UserId": "AIDAZ7DNFLRF5WRSTAXOC", "Account": "685276224587", "Arn": "arn:aws:iam::685276224587:user/svc_mocsdw01AccessPA" } [Get-STSCallerIdentity] Account Arn UserId
685276224587 arn:aws:iam::685276224587:user/svc_mocsdw01AccessPA AIDAZ7DNFLRF5WRSTAXOC
@dburtsev Unfortunately I'm unable to reproduce the issue. I get Access Denied error while using both AWS CLI aws s3 ls <<bucketname>>
and PowerShell CmdLet Get-S3Bucket <<bucketname>>
. Used the below 2 scenarios (after creating IAM user with programmatic access not having any permissions):
default
profile at %USERPROFILE%\.aws\credentials
.$Env:AWS_ACCESS_KEY_ID
and $Env:AWS_SECRET_ACCESS_KEY
.In both the cases:
An error occurred (AccessDenied) when calling the ListObjectsV2 operation: Access Denied
Get-S3Object
CmdLet returns error Get-S3Bucket: Access Denied
.Configured the credentials in default profile at %USERPROFILE%.aws\credentials.
We don't have any credentials in %USERPROFILE%.aws dir Directory of %USERPROFILE%.aws
08/02/2022 03:28 PM
%USERPROFILE%.aws>type config [default] region = us-east-1
Configured the credentials in default profile at %USERPROFILE%.aws\credentials.
We don't have any credentials in %USERPROFILE%.aws dir Directory of %USERPROFILE%.aws
08/02/2022 03:28 PM
. 08/02/2022 03:28 PM .. 08/02/2022 03:28 PM 31 config 1 File(s) 31 bytes 2 Dir(s) 25,655,758,848 bytes free %USERPROFILE%.aws>type config [default] region = us-east-1
@dburtsev I tested using both scenarios, including environment variable approach (as in your case) setting $Env:AWS_ACCESS_KEY_ID
and $Env:AWS_SECRET_ACCESS_KEY
. Anyway, your account needs to have ListBuckets
permission. I'm unsure on how your AWS CLI command works (you may try spinning up new EC2 without IAM role attached, installing PowerShell and AWS CLI, and try executing your scenario). Unfortunately, we are unable to troubleshoot environment specific issues.
Thanks, Ashish
Describe the bug
Hello I don't have permission to call the ListBuckets operation. I know my bucket name. I am using the access key and secret key. From the same script,
aws s3 ls 'bucket_name'
works but[Amazon.S3.Model.S3Bucket]$ResponseS3 = Get-S3Bucket -BucketName 'bucket_name'
does not. Error: Access Denied Thanks, DmitriyExpected Behavior
Get Amazon.S3.Model.S3Bucket object from Get-S3Bucket
Current Behavior
Access Denied
Reproduction Steps
$Env:AWS_ACCESS_KEY_ID='qwe' $Env:AWS_SECRET_ACCESS_KEY='xyz' aws s3 ls 'bucket_name' Amazon.S3.Model.S3Bucket]$ResponseS3 = Get-S3Bucket -BucketName 'bucket_name'
Possible Solution
No response
Additional Information/Context
No response
AWS Tools for PowerShell version used
Version 4.1.128
PowerShell version used
Name Value
PSVersion 7.2.5 PSEdition Core GitCommitId 7.2.5 OS Microsoft Windows 10.0.19042 Platform Win32NT PSCompatibleVersions {1.0, 2.0, 3.0, 4.0…} PSRemotingProtocolVersion 2.3 SerializationVersion 1.1.0.1 WSManStackVersion 3.0
Operating System and version
Windows 10