I’m getting an error while trying to open a folder on an S3 bucket. I am able to browse the xxx-yyyyyy-us-e1-nprod-project bucket but when I attempt to open the Dremio_POC folder I get the following error:
java.nio.file.AccessDeniedException: s3a://xxx-yyyyyy-us-e1-nprod-project/Dremio_poc: getFileStatus on s3a://xxx-yyyyyy-us-e1-nprod-project/Dremio_poc: com.amazonaws.services.s3.model.AmazonS3Exception: Forbidden (Service: Amazon S3; Status Code: 403; Error Code: 403 Forbidden; Request ID: B4F131866A825BA2), S3 Extended Request ID: 2pvLpdSOvj7cgt9Yk5lI2KsbBYcEf3yYSL2KYwL+fgR6HeONADbdBiez+/qQepDobzjWjlZTY+Y=
Other systems/applications with the same credentials are having no issues .
For Dremio we’re using the following AWS IAM policy:
{
“Version”: “2012-10-17”,
“Statement”: [
{
“Effect”: “Allow”,
“Action”: [
“s3:ListAllMyBuckets”,
“s3:GetBucketLocation”
],
“Resource”: “arn:aws:s3:::"
},
{
“Effect”: “Allow”,
“Action”: [
“s3:ListBucket”
],
“Resource”: [
“arn:aws:s3:::xxx-yyyyyy-eu-w1-nprod-scratch”,
“arn:aws:s3:::xxx-yyyyyy-us-e1-nprod-project”
],
“Condition”: {
“StringEquals”: {
“s3:prefix”: [
“”,
“Dremio/”,
“Dremio_poc/”
],
“s3:delimiter”: [
“/”
]
}
}
},
{
“Effect”: “Allow”,
“Action”: [
“s3:ListBucket”
],
“Resource”: [
“arn:aws:s3:::xxx-yyyyyy-eu-w1-nprod-scratch”,
“arn:aws:s3:::xxx-yyyyyy-us-e1-nprod-project”
],
“Condition”: {
“StringLike”: {
“s3:prefix”: [
"Dremio/”,
“Dremio_poc/"
]
}
}
},
{
“Effect”: “Allow”,
“Action”: [
“s3:PutObject”,
“s3:GetObject”,
“s3:DeleteObject”,
“s3:GetObjectAcl”
],
“Resource”: [
"arn:aws:s3:::xxx-yyyyyy-eu-w1-nprod-scratch/Dremio/”,
“arn:aws:s3:::xxx-yyyyyy-us-e1-nprod-project/Dremio_poc/*”
]
}
]
}
Any assistance you could provide would be most helpful.