Can upload files but can't list S3 bucket objects. Get access denied error

I'm trying to list all the files in my S3 bucket, but I constantly get the error Access denied. I think I have the necessary permissions in my IAM user:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "SID",
            "Effect": "Allow",
            "Action": [
                "s3:AbortMultipartUpload",
                "s3:DeleteObject",
                "s3:DeleteObjectVersion",
                "s3:GetBucketAcl",
                "s3:GetBucketCORS",
                "s3:GetBucketLocation",
                "s3:GetBucketLogging",
                "s3:GetBucketNotification",
                "s3:GetBucketPolicy",
                "s3:GetBucketRequestPayment",
                "s3:GetBucketTagging",
                "s3:GetBucketVersioning",
                "s3:GetBucketWebsite",
                "s3:GetLifecycleConfiguration",
                "s3:GetObject",
                "s3:GetObjectAcl",
                "s3:GetObjectTorrent",
                "s3:GetObjectVersion",
                "s3:GetObjectVersionAcl",
                "s3:GetObjectVersionTorrent",
                "s3:ListAllMyBuckets",
                "s3:ListBucket",
                "s3:ListBucketMultipartUploads",
                "s3:ListBucketVersions",
                "s3:ListMultipartUploadParts",
                "s3:PutBucketAcl",
                "s3:PutBucketCORS",
                "s3:PutBucketLogging",
                "s3:PutBucketNotification",
                "s3:PutBucketPolicy",
                "s3:PutBucketRequestPayment",
                "s3:PutBucketTagging",
                "s3:PutBucketVersioning",
                "s3:PutBucketWebsite",
                "s3:PutLifecycleConfiguration",
                "s3:PutObject",
                "s3:PutObjectAcl",
                "s3:PutObjectVersionAcl",
                "s3:RestoreObject"
            ],
            "Resource": [
                "arn:aws:s3:::bucket/*"
            ]
        }
    ]
}

If I grant full access to S3 (AmazonS3FullAccess policy), I can list the objects. What might be the issue? I think I only removed permissions to delete and create buckets in the custom policy.

When I add full access to the same policy:

        "Action": [
            "s3:*"
        ],

I still can't list objects. But with the current permissions I can upload and delete objects.

THpubs asked Mar 05 '16 07:03



1 Answer

Just found the answer! The Actions allowed in the policy are correct. The problem is with the Resource. I was using this:

"Resource": [
   "arn:aws:s3:::bucket/*"
]

But it looks like it does not give permission to the root of the bucket. No full access. So, to make it work, we have to remove the / like this:

"Resource": [
   "arn:aws:s3:::bucket*"
]

Now it's working like a charm.

THpubs answered Oct 13 '22 19:10

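The following is an added example, not code from the question or answer above. It is a simplified model of how IAM compares an S3 request's resource ARN against the policy's Resource patterns (bucket-level actions such as s3:ListBucket are evaluated against the bucket ARN, object-level actions against bucket/key), using the bucket name "bucket" from the post. It shows why "arn:aws:s3:::bucket/*" can never match a ListBucket request, that the answer's "arn:aws:s3:::bucket*" also matches any other bucket whose name starts with "bucket", and that listing the bucket ARN and "bucket/*" as two separate resources grants exactly what is needed. The action subsets and the matcher are assumptions written for this illustration, not the real IAM evaluator.

```python
import re

# Small subsets of S3 actions, grouped by the resource type they are
# evaluated against (assumed here for illustration; see the S3 docs for
# the full mapping).
BUCKET_LEVEL_ACTIONS = {"s3:ListBucket", "s3:GetBucketLocation", "s3:GetBucketPolicy"}
OBJECT_LEVEL_ACTIONS = {"s3:GetObject", "s3:PutObject", "s3:DeleteObject"}

# The three Resource blocks discussed on the page, plus the explicit form.
ORIGINAL = ["arn:aws:s3:::bucket/*"]
ANSWER = ["arn:aws:s3:::bucket*"]
LEAST_PRIVILEGE = ["arn:aws:s3:::bucket", "arn:aws:s3:::bucket/*"]


def request_arn(action, bucket, key=None):
    """Return the ARN an S3 request is evaluated against."""
    if action in BUCKET_LEVEL_ACTIONS:
        return f"arn:aws:s3:::{bucket}"
    if action in OBJECT_LEVEL_ACTIONS:
        if key is None:
            raise ValueError(f"{action} needs an object key")
        return f"arn:aws:s3:::{bucket}/{key}"
    raise ValueError(f"action not modelled: {action}")


def arn_matches(pattern, arn):
    """IAM-style wildcard match: '*' is any run of characters, '?' one character."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, arn) is not None


def allowed(resources, action, bucket, key=None):
    """True if any Resource pattern in the statement matches the request ARN."""
    arn = request_arn(action, bucket, key)
    return any(arn_matches(p, arn) for p in resources)


if __name__ == "__main__":
    cases = [
        ("s3:ListBucket", "bucket", None),          # what the asker could not do
        ("s3:PutObject", "bucket", "photo.jpg"),    # what worked all along
        ("s3:ListBucket", "bucket-backups", None),  # a different bucket entirely
    ]
    for name, resources in (("bucket/*", ORIGINAL), ("bucket*", ANSWER),
                            ("bucket + bucket/*", LEAST_PRIVILEGE)):
        for action, bucket, key in cases:
            print(f"{name:18} {action:14} {bucket:15} -> {allowed(resources, action, bucket, key)}")
```

Only the two-ARN form lets the user list "bucket" without also granting rights on unrelated buckets that happen to share the prefix.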