mhart / aws4fetch

A compact AWS client and signing utility for modern JS environments
MIT License

Can't list all buckets with Object Read & Write R2 permissions #72

Closed austinm911 closed 1 week ago

austinm911 commented 1 week ago

When following along with the aws4fetch | Cloudflare R2 docs, I am unable to list all buckets with these permissions.

```ts
import { AwsClient } from 'aws4fetch'

if (!process.env.CLOUDFLARE_ACCESS_KEY_ID || !process.env.CLOUDFLARE_SECRET_ACCESS_KEY) {
    throw new Error('CLOUDFLARE_ACCESS_KEY_ID or CLOUDFLARE_SECRET_ACCESS_KEY is not set')
}

const R2_URL_BASE = `https://${process.env.CLOUDFLARE_ACCOUNT_ID}.r2.cloudflarestorage.com`

const createR2UrlForBucket = (bucketName: string) => `${R2_URL_BASE}/${bucketName}`

export const S3 = new AwsClient({
    region: 'auto',
    service: 's3',
    accessKeyId: process.env.CLOUDFLARE_ACCESS_KEY_ID,
    secretAccessKey: process.env.CLOUDFLARE_SECRET_ACCESS_KEY,
})

const ListBucketsResult = await S3.fetch(R2_URL_BASE)
console.log(await ListBucketsResult.text()) // <?xml version="1.0" encoding="UTF-8"?><Error><Code>AccessDenied</Code><Message>Access Denied</Message></Error>

const ListObjectsV2Result = await S3.fetch(`${createR2UrlForBucket('MyBucket')}?list-type=2`)

console.log(await ListObjectsV2Result.text()) // this works
```

However, the admin permissions appear to work.

Not sure if this is expected behavior. It would be expected that the current permissions would work.

mhart commented 1 week ago

An AccessDenied error occurs after any signature checks have occurred – so this is nothing to do with aws4fetch, which must be signing the request correctly.

I'd suggest finding help in the Cloudflare Discord or forums or similar.
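
Added example, not part of the thread and not aws4fetch code: a small triage helper that separates signing/credential failures from permission failures by reading the `<Code>` of an S3-style XML error body, then applies it to the two calls in the report. The function names, the 403 status, and the list of authentication codes (standard S3 error code names, assumed to apply to R2 as well) are assumptions; only the `AccessDenied` body comes from the issue.

```javascript
// Standard S3 error codes that mean the request failed authentication
// (bad key, bad signature, clock skew). Assumed to apply to R2 too.
const AUTHN_CODES = new Set([
  'SignatureDoesNotMatch', 'InvalidAccessKeyId', 'RequestTimeTooSkewed',
  'AuthorizationHeaderMalformed', 'MissingSecurityHeader', 'ExpiredToken',
])
// Codes that mean the signature was accepted but the token lacks permission.
const AUTHZ_CODES = new Set(['AccessDenied'])

// Extract <Code> and <Message> from an S3-style <Error> document.
function parseS3Error(body) {
  if (!/<Error>/.test(body)) return null
  const pick = (tag) => {
    const m = new RegExp(`<${tag}>([^<]*)</${tag}>`).exec(body)
    return m ? m[1] : null
  }
  return { code: pick('Code'), message: pick('Message') }
}

// Map one response to the stage at which it was rejected.
function classify(status, body) {
  if (status >= 200 && status < 300) return { stage: 'ok', code: null }
  const err = parseS3Error(body)
  if (!err || !err.code) return { stage: 'unknown', code: null }
  if (AUTHN_CODES.has(err.code)) return { stage: 'authentication', code: err.code }
  if (AUTHZ_CODES.has(err.code)) return { stage: 'authorization', code: err.code }
  return { stage: 'other', code: err.code }
}

// Combine several probes ({ op, status, body }) into one verdict.
function triage(probes) {
  const results = probes.map((p) => ({ op: p.op, ...classify(p.status, p.body) }))
  const denied = results.filter((r) => r.stage === 'authorization').map((r) => r.op)
  const verdict = results.some((r) => r.stage === 'authentication')
    ? 'fix-credentials-or-signing'
    : denied.length ? 'token-scope-too-narrow' : 'no-auth-problem'
  return { verdict, denied, results }
}

// Constructed sample: the error body is the one quoted in the issue; the
// status codes and the success body are made up for illustration.
const SAMPLE_PROBES = [
  { op: 'ListBuckets', status: 403, body: '<?xml version="1.0" encoding="UTF-8"?><Error><Code>AccessDenied</Code><Message>Access Denied</Message></Error>' },
  { op: 'ListObjectsV2', status: 200, body: '<ListBucketResult></ListBucketResult>' },
]

console.log(triage(SAMPLE_PROBES))
```

A `token-scope-too-narrow` verdict with one operation succeeding points at the token's permission scope rather than the signing code, which is the least-privilege behaviour to confirm with the storage provider before reaching for an admin token.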