copyObject throws Access Denied if source key is not present #6523
Comments
marcindyelp
added
bug
|
Hi @marcindyelp - thanks for reaching out. This is something I need to confirm with S3 team but in one S3 docs, it's mentioned that you need When you initiate a CopyObject operation, S3 needs to verify the existence of the source object in the source bucket. To do this, it needs to list the contents of the source bucket, which requires the Best, |
aBurmeseDev
added
response-requested
Checkboxes for prior research
Describe the bug
To perform copyObject according to aws docs, you need s3:GetObject and s3:PutObject permissions. That works fine with only those permissions.
Problem: If source key (file) does not exist in the bucket, API throws misleading error:
AccessDenied: User: arn:aws:sts:#########r is not authorized to perform: s3:ListBucket on resource: "arn:aws:s3:::my_bucket because no identity-based policy allows the s3:ListBucket action
Obviously s3:ListBucket is not needed. Error thrown should be 'key not present, check source...' or anything like that.
Regression Issue
SDK version number
@aws-sdk/[email protected], CopyObjectCommand
Which JavaScript Runtime is this issue in?
Node.js
Details of the browser/Node.js/ReactNative version
node 18.19.0
Reproduction Steps
delete the source file
Observed Behavior
AccessDenied: User: arn:aws:sts:#########r is not authorized to perform: s3:ListBucket on resource: "arn:aws:s3:::my_bucket because no identity-based policy allows the s3:ListBucket action
Expected Behavior
Obviously s3:ListBucket is not needed. Error thrown should be 'key not present, check source...' or anything like that.
Possible Solution
change the error/response from API to user
Additional Information/Context
No response
The text was updated successfully, but these errors were encountered: