midnightcodr
commented
5 years ago We found the solution to this issue :) . The following privileges are needed in order for CE to move objects properly:
"s3:GetObjectTagging",
"s3:PutObjectTagging"
We implemented this a few days ago and it worked almost as expected. Files uploaded are tagged properly - But we found an issue that we can't seem to solve. In our firm, we use Cloudberry Explorer (CE) to move files from
our_bucket_name/others/(I'll call this A)to
our_bucket_name/others/finished/(I'll name this B)Prior to implementing the lamda function, our staffs were able to drag files that were processed from location A to location B. After adding the virus scanning feature, the move operation would result in "Access Denied" error. We ruled out it's the permission issue, because testing with aws node worked (aws.copyObject) without errors. By looking at scan.py seems the only operation that the scanner modifies the s3 object is
set_av_tags.We also tried upgrading Cloudberry Explorer to the newest version available but the error persists. I understand that there might be some issues with CE but can someone shed some lights on why the tagging operation from the scanner would break CE - Removing virus scanning solved the "Access Denied" error.