danilop / yas3fs

YAS3FS (Yet Another S3-backed File System) is a Filesystem in Userspace (FUSE) interface to Amazon S3. It was inspired by s3fs but rewritten from scratch to implement a distributed cache synchronized by Amazon SNS notifications. A web console is provided to easily monitor the nodes of a cluster.
http://danilop.github.io/yas3fs
MIT License

IAM policy incomplete for versioned buckets #152

Closed longwave closed 7 years ago

longwave commented 7 years ago

I am happily using yas3fs with the suggested IAM policy, but it stopped working when I enabled versioning on a bucket. In debug mode I could see log entries such as:

Download-0000 2017-06-21T15:18:13.083 ERROR S3ResponseError: 403 Forbidden
<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message>

I suspect this may be related to https://github.com/boto/boto/issues/3219 and that the IAM policy needs to include "s3:GetObjectVersion", though I fixed this for the time being by allowing all permissions on my bucket. If I manage to determine the exact permissions required I will update this issue and raise a PR.

longwave commented 7 years ago

Re-tested this today with tighter permissions and it seems s3:GetObjectVersion is the only additional permission needed for yas3fs to work with versioned buckets.
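
An added example, not part of the issue thread or the yas3fs code base: an offline check that reports where an IAM policy document allows s3:GetObject but not s3:GetObjectVersion, the gap described above, so the single missing action can be added instead of allowing all permissions. The sample policies and the bucket name are constructed, and the check looks only at Allow statements (Deny, NotAction and Condition are not evaluated).

```python
import re

def _matches(pattern, value, ci=False):
    """IAM-style wildcard match: '*' is any run of characters, '?' is one."""
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                 for c in pattern)
    return re.fullmatch(rx, value, re.I | re.S if ci else re.S) is not None

def _as_list(v):
    # Statement, Action and Resource may each be a single value or a list.
    return [v] if isinstance(v, (str, dict)) else list(v or [])

def resources_granting(policy, action):
    """Resource patterns on which some Allow statement grants `action`."""
    found = []
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        # Action names are case-insensitive and may use wildcards (s3:Get*).
        if any(_matches(p, action, ci=True) for p in _as_list(stmt.get("Action"))):
            found.extend(_as_list(stmt.get("Resource")))
    return found

def versioning_gaps(policy):
    """Resources that allow s3:GetObject but not s3:GetObjectVersion."""
    versioned = resources_granting(policy, "s3:GetObjectVersion")
    # A GetObject resource is covered if a GetObjectVersion pattern matches it.
    return [r for r in resources_granting(policy, "s3:GetObject")
            if not any(_matches(v, r) for v in versioned)]

# Constructed sample policies; "example-bucket" is a placeholder name.
def _policy(actions):
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Action": actions,
        "Resource": "arn:aws:s3:::example-bucket/*"}]}

BEFORE = _policy(["s3:GetObject", "s3:PutObject", "s3:DeleteObject"])
AFTER = _policy(["s3:GetObject", "s3:GetObjectVersion",
                 "s3:PutObject", "s3:DeleteObject"])

if __name__ == "__main__":
    for name, pol in (("before", BEFORE), ("after", AFTER)):
        print(name, versioning_gaps(pol) or "ok")
```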