copyObject throws Access Denied if source key is not present #6523
Labels
bug
This issue is a bug.
p3
This is a minor priority issue
response-requested
Waiting on additional info and feedback. Will move to \"closing-soon\" in 7 days.
service-api
This issue is due to a problem in a service API, not the SDK implementation.
Checkboxes for prior research
Describe the bug
To perform copyObject according to aws docs, you need s3:GetObject and s3:PutObject permissions. That works fine with only those permissions.
Problem: If source key (file) does not exist in the bucket, API throws misleading error:
AccessDenied: User: arn:aws:sts:#########r is not authorized to perform: s3:ListBucket on resource: "arn:aws:s3:::my_bucket because no identity-based policy allows the s3:ListBucket action
Obviously s3:ListBucket is not needed. Error thrown should be 'key not present, check source...' or anything like that.
Regression Issue
SDK version number
@aws-sdk/[email protected], CopyObjectCommand
Which JavaScript Runtime is this issue in?
Node.js
Details of the browser/Node.js/ReactNative version
node 18.19.0
Reproduction Steps
delete the source file
Observed Behavior
AccessDenied: User: arn:aws:sts:#########r is not authorized to perform: s3:ListBucket on resource: "arn:aws:s3:::my_bucket because no identity-based policy allows the s3:ListBucket action
Expected Behavior
Obviously s3:ListBucket is not needed. Error thrown should be 'key not present, check source...' or anything like that.
Possible Solution
change the error/response from API to user
Additional Information/Context
No response
The text was updated successfully, but these errors were encountered: