I have a Windows machine that needs to sync a folder with S3.
I tried:
"C:\Program Files\amazon\AWSCLI\aws.exe" s3 sync components s3://test/MyTest/ --acl public-read --cache-control "public, must-revalidate, proxy-revalidate, max-age=1800"
and got the error "A client error (AccessDenied) occurred when calling the PutObject operation: Access Denied".
s3 rm and s3 cp for the same directory work fine.
I have the following permissions:
"Sid": "VisualEditor4", "Effect": "Allow", "Action": [ "s3:PutObject", "s3:PutObjectAcl" ], "Resource":
aws s3 cp will copy all files, even if they already exist in the destination area. It also will not delete files from your destination if they are deleted from the source. aws s3 sync looks at the destination before copying files over and only copies over files that are new and updated.
The s3 sync command synchronizes the contents of a bucket and a directory, or the contents of two buckets. Typically, s3 sync copies missing or outdated files or objects between the source and target.
AWS sync command recursively copies new and updated files from the source ( Directory or Bucket/Prefix ) to the destination ( Directory or Bucket/Prefix ). AWS sync command only creates folders within the destination if they contain one or more files.
It only copies files that have been added or changed since the last sync. It is designed as a one-way sync, not a two-way sync. Your file is being overwritten because the file in the Source is not present in the Destination. This is correct behavior.
You need all these actions:
s3:DeleteObject
s3:GetBucketLocation
s3:GetObject
s3:ListBucket
s3:PutObject
Not only PutObject.
To get S3 sync to work, use this policy:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Resource": [
                "arn:aws:s3:::YOUR_BUCKET_NAME",
                "arn:aws:s3:::YOUR_BUCKET_NAME/*"
            ],
            "Sid": "Stmt1464826210000",
            "Effect": "Allow",
            "Action": [
                "s3:DeleteObject",
                "s3:GetBucketLocation",
                "s3:GetObject",
                "s3:ListBucket",
                "s3:PutObject"
            ]
        }
    ]
}
Synchronizing files also requires READ permissions because the AWS Command-Line Interface (CLI) needs to view the existing files to determine whether they already exist or have been modified.
Thus, you will also need to grant ListBucket permission.
If you use aws s3 cp instead of aws s3 sync, then this is not required.
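An added example, not part of the original question or answers: a Python check that reports which of the actions listed in the answers above a policy fails to grant for a given bucket, plus `s3:PutObjectAcl` when the command passes `--acl`. The sample policies are constructed: the question's `Resource` is cut off on the page, so `arn:aws:s3:::test/*` is assumed, and `YOUR_BUCKET_NAME` is replaced with `test`. The check only reads Allow statements and ignores Deny, NotAction and Condition.

```python
import fnmatch

# Actions the answers above list for sync, grouped by the ARN form they apply to.
BUCKET_ACTIONS = ["s3:GetBucketLocation", "s3:ListBucket"]            # arn:aws:s3:::bucket
OBJECT_ACTIONS = ["s3:DeleteObject", "s3:GetObject", "s3:PutObject"]  # arn:aws:s3:::bucket/*

def _listify(value):
    return value if isinstance(value, list) else [value]

def allowed(policy, action, arn):
    """True if an Allow statement matches both the action and the ARN (wildcards honoured)."""
    for stmt in _listify(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        acts = _listify(stmt.get("Action", []))
        ress = _listify(stmt.get("Resource", []))
        # IAM action names are case-insensitive; resource ARNs are matched as written.
        if (any(fnmatch.fnmatchcase(action.lower(), a.lower()) for a in acts)
                and any(fnmatch.fnmatchcase(arn, r) for r in ress)):
            return True
    return False

def missing_for_sync(policy, bucket, uses_acl=False):
    """Actions not granted for a sync to `bucket`; uses_acl adds s3:PutObjectAcl."""
    bucket_arn = f"arn:aws:s3:::{bucket}"
    object_arn = f"{bucket_arn}/any-key"  # stand-in object key (hypothetical)
    checks = [(a, bucket_arn) for a in BUCKET_ACTIONS]
    checks += [(a, object_arn) for a in OBJECT_ACTIONS]
    if uses_acl:
        checks.append(("s3:PutObjectAcl", object_arn))
    return [a for a, arn in checks if not allowed(policy, a, arn)]

# Constructed sample: the question's statement; Resource is assumed (cut off on the page).
QUESTION_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "VisualEditor4", "Effect": "Allow",
    "Action": ["s3:PutObject", "s3:PutObjectAcl"],
    "Resource": "arn:aws:s3:::test/*"}]}

# Constructed sample: the answer's policy with YOUR_BUCKET_NAME replaced by "test".
ANSWER_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "Stmt1464826210000", "Effect": "Allow",
    "Action": ["s3:DeleteObject", "s3:GetBucketLocation", "s3:GetObject",
               "s3:ListBucket", "s3:PutObject"],
    "Resource": ["arn:aws:s3:::test", "arn:aws:s3:::test/*"]}]}

if __name__ == "__main__":
    print("question policy:", missing_for_sync(QUESTION_POLICY, "test", uses_acl=True))
    print("answer policy:  ", missing_for_sync(ANSWER_POLICY, "test", uses_acl=True))
```

Splitting the policy so that bucket-level actions apply only to the bucket ARN and object-level actions only to `bucket/*` keeps the grant as narrow as the check assumes.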