so has anybody been able to get Identity and Access Management ( IAM ) accounts to work with s3cmd? i have used s3cmd allot with my s3 account but i would like to had off some management to another user. so i created one in IAM. that user is able to upload content using other tools but i can not seem to get s3cmd to work for them, i always get access denied when i run s3cmd -configure and enter the IAM user credentials.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I got some excellent help on the mailing list so i thought i would document what i had to do to make IAM work. for what ever reason you need to give your IAM user full access to everything to begin with. something like this…
{
"Statement": [
{
"Sid": "r3admin1",
"Effect": "Allow",
"Action": [
"s3:*"
],
"Resource": [
"arn:aws:s3:::*"
]
}
]
}
then dos 3cmd -configure
then reset your policies on that user to restrict thier access down to what you want. i my case i did a group policy to just list all buckets and have full access to a couple of those buckets. this use of IAM made be feel better about using this app on a server without leaving my root credentials in the .ini file. ill leave more notes here http://www.region3dfg.org/IM/fm/cloudfm/s3/s3cmd
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
so has anybody been able to get Identity and Access Management ( IAM ) accounts to work with s3cmd? i have used s3cmd allot with my s3 account but i would like to had off some management to another user. so i created one in IAM. that user is able to upload content using other tools but i can not seem to get s3cmd to work for them, i always get access denied when i run s3cmd -configure and enter the IAM user credentials.
I got some excellent help on the mailing list so i thought i would document what i had to do to make IAM work. for what ever reason you need to give your IAM user full access to everything to begin with. something like this…
{
"Statement": [
{
"Sid": "r3admin1",
"Effect": "Allow",
"Action": [
"s3:*"
],
"Resource": [
"arn:aws:s3:::*"
]
}
]
}
then dos 3cmd -configure
then reset your policies on that user to restrict thier access down to what you want. i my case i did a group policy to just list all buckets and have full access to a couple of those buckets. this use of IAM made be feel better about using this app on a server without leaving my root credentials in the .ini file. ill leave more notes here
http://www.region3dfg.org/IM/fm/cloudfm/s3/s3cmd