We Keep Coding

Permission Required for deleteAfterRead on Camel S3 Component

I'm using the Camel S3 component to read objects uploaded to a particular S3 bucket. The objects are read successfully.
However, using "deleteAfterRead=true" fails with a 403 (no permission)
I have granted all the permissions in the "write" category, on the bucket, but I still get the error.
Right now these are the permissions. Any idea what I'm doing wrong?
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:DeleteObject",
"s3:ListBucketMultipartUploads",
"s3:GetObject"
],
"Resource": "arn:aws:s3:::my-camel-bucket"
},
{
"Sid": "VisualEditor2",
"Effect": "Allow",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::*/*"
}
]
}

I found the answer: for the s3:DeleteObject Action, I needed to specify the resource with a * at the end. So, arn:aws:s3:::my-camel-bucket/* instead of simply arn:aws:s3:::my-camel-bucket
However, for the ListBucket, I needed just the bucket name. So, what I have working now is this:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:ListBucketMultipartUploads",
"s3:ListBucket"
],
"Resource": "arn:aws:s3:::my-camel-bucket"
},
{
"Sid": "VisualEditor1",
"Effect": "Allow",
"Action": "s3:DeleteObject",
"Resource": "arn:aws:s3:::my-camel-bucket/*"
},
{
"Sid": "VisualEditor2",
"Effect": "Allow",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::*/*"
}
]
}

Permission issues with: listing s3 buckets

What permission do I need to change to allow listing all s3 buckets?
I can run: aws s3 ls s3://bucketname;
but I cannot run: aws s3 ls;
The bucket policy is this:
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Sid",
"Effect": "Allow",
"Principal": {
"AWS": [
"arn:aws:iam::6666666:user/myuser"
]
},
"Action": [
"s3:ListBucket"
],
"Resource": "arn:aws:s3:::bucketname"
}
]
}

Credit due from this post: https://stackoverflow.com/a/35746318/1242581
I needed the ListAllMyBuckets action on my user or user's group:
{
"Sid": "AllowListingOfAllBuckets",
"Effect": "Allow",
"Action": [
"s3:ListAllMyBuckets"
],
"Resource": [
"arn:aws:s3:::*"
]
}

S3 Bucket policy access denied

I am trying to setup AWS S3 policy for a specific user.It works find when i attach a policy to a user but my bucket policy access denied. Started with specific actions but in the following it is wide open. Here is my policy.Appreciate, if you can point out on what am i missing here.
{
"Id": "Policy1540550791287",
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt1540550707671",
"Action": "s3:*",
"Effect": "Allow",
"Resource": "arn:aws:s3:::testabc1234abc",
"Principal": {
"AWS": [
"arn:aws:iam::<accountid>:user/test1"
]
}
},
{
"Sid": "Stmt1540550788846",
"Action": "s3:*",
"Effect": "Allow",
"Resource": "arn:aws:s3:::testabc1234abc/*",
"Principal": {
"AWS": [
"arn:aws:iam::<accountid>:user/test1"
]
}
}
]
}

S3 policy for allowing requests with Cognito credentials: AWS

I'm trying to policy json into my S3 bucket which will make my bucket accessible using Cognito credentials. Following is the policy:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Federated": "cognito-identity.amazonaws.com"
},
"Action": "s3:ListBucket",
"Resource": "arn:aws:s3:::bucketName12345",
"Condition": {
"StringLike": {
"s3:prefix": "cognito/angularApplicationName/"
}
}
},
{
"Effect": "Allow",
"Principal": {
"Federated": "cognito-identity.amazonaws.com"
},
"Action": [
"s3:GetObject",
"s3:PutObject",
"s3:DeleteObject"
],
"Resource": [
"arn:aws:s3:::bucketName12345/cognito/angularApplicationName/${cognito-identity.amazonaws.com:sub}",
"arn:aws:s3:::bucketName12345/cognito/angularApplicationName/${cognito-identity.amazonaws.com:sub}/*"
]
}
]
}
but I get a warning saying "your bucket is public....". Since I'm very new to AWS, can somebody point out what am I missing here?

How do I grant access to all subfolders of a folder in Amazon S3?

Here is the policy I wrote in Amazon S3. I thought it should give access to subfolders because of the * but it is giving access denied errors when the user tries to create or view subfolders. How can I change this to work?
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowUserToSeeBucketListInTheConsole",
"Action": [
"s3:ListAllMyBuckets",
"s3:GetBucketLocation"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::*"
]
},
{
"Sid": "AllowRootAndMediaListingOfCompanyBucket",
"Action": [
"s3:ListBucket"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::mycoolbucket"
],
"Condition": {
"StringEquals": {
"s3:prefix": [
"",
"media/"
],
"s3:delimiter": [
"/"
]
}
}
},
{
"Sid": "AllowAllS3ActionsInMediaFolder",
"Effect": "Allow",
"Action": [
"s3:*"
],
"Resource": [
"arn:aws:s3:::mycoolbucket/media/*"
]
}
]
}
More details:
I logged into the console as the user. I went to the media folder. I then click on a folder inside of media and got the message "Error access denied".

You are missing permissions to list the contents of the media folder. Add the following statement to your policy.
Note: Your policy should be added to the user(s) and not to the bucket itself. A better choice is to create an IAM group, attach the policy to the group and then add each user to the group (which you mentioned that you are doing).
{
"Sid": "AllowListingOfMediaFolder",
"Action": ["s3:ListBucket"],
"Effect": "Allow",
"Resource": ["arn:aws:s3:::mycoolbucket"],
"Condition":{"StringLike":{"s3:prefix":["media/*"]}}
},

With this policy, I'm able to grant access to all subfolders of a folder in Amazon S3
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Action": "s3:ListBucket",
"Resource": "arn:aws:s3:::<<bucketname>>",
"Condition": {
"StringLike": {
"s3:prefix": "foldername/*"
}
}
},
{
"Sid": "",
"Effect": "Allow",
"Action": [
"s3:GetObject*",
"s3:PutObject*",
"s3:ListBucket",
"s3:DeleteObject*"
],
"Resource": "arn:aws:s3:::<<bucketname>>/foldername/*"
}
]
}